6.5
CVE-2025-49244 - WordPress Shortcodes Ultimate plugin <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate shortcodes-ultimate allows Stored XSS.This issue affects Shortcodes Ultimate: from n/a through <= 7.3.5.
6.5
CVE-2025-49243 - WordPress ShiftNav β Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav β Responsive Mobile Menu shiftnav-responsive-mobile-menu allows Stored XSS.This issue affects ShiftNav β Responsive Mobile Menu: from n/a through <= 1.8.
6.5
CVE-2025-49242 - WordPress Bellows Accordion Menu plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through <= 1.4.3.
5.3
CVE-2025-49241 - WordPress oik plugin <= 4.15.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects oik: from n/a through <= 4.15.1.
4.3
CVE-2025-49240 - WordPress DocsPress plugin <= 2.5.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through <= 2.5.2.
5.4
CVE-2025-49239 - WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.5.0 - Cross Site Request Forgeβ¦
Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Cross Site Request Forgery.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.5.0.
4.3
CVE-2025-49238 - WordPress Everest Backup plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Cross Site Request Forgery.This issue affects Everest Backup: from n/a through <= 2.3.3.
7.4
CVE-2025-49237 - WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal.This issue affects POEditor: from n/a through <= 0.9.10.
5.3
CVE-2025-49236 - WordPress Raychat plugin <= 2.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.
6.5
CVE-2025-49235 - WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a through <= 1.6.0.