5.3
CVE-2025-31630 - WordPress The Business theme <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton The Business nrgbusiness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Business: from n/a through <= 1.6.1.
8.5
CVE-2025-31637 - WordPress SHOUT plugin <= 3.5.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3.
4.3
CVE-2025-31639 - WordPress Spare theme <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare spare allows Cross Site Request Forgery.This issue affects Spare: from n/a through <= 1.7.
8.5
CVE-2025-31640 - WordPress Magic Responsive Slider and Carousel WordPress plugin < 1.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic-carousel allows SQL Injection.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through < 1.6.
8.5
CVE-2025-31641 - WordPress UberSlider plugin <= 2.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
5.4
CVE-2025-31915 - WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSβ¦
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.
4.3
CVE-2025-31921 - WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
7.1
CVE-2025-31922 - WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
5.4
CVE-2025-31923 - WordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
8.5
CVE-2025-31926 - WordPress Sticky Radio Player plugin <= 3.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows SQL Injection.This issue affects Sticky Radio Player: from n/a through <= 3.4.