7.1
CVE-2025-47463 - WordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through <= 2.8.6.
7.1
CVE-2025-47477 - WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.23.
7.1
CVE-2025-47487 - WordPress MC Woocommerce Wishlist plugin <= 1.9.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert allows Reflected XSS.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.9.1.
6.8
CVE-2025-47511 - WordPress Welcart e-Commerce plugin <= 2.11.13 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal.This issue affects Welcart e-Commerce: from n/a through <= 2.11.13.
7.1
CVE-2025-47527 - WordPress Icegram Collect β Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Aβ¦
Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through <= 1.3.18.
8.8
CVE-2025-47561 - WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13.
6.5
CVE-2025-47598 - WordPress History Log by click5 plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS.This issue affects History Log by click5: from n/a through <= 1.0.13.
9.3
CVE-2025-47608 - WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5.
8.5
CVE-2025-47651 - WordPress Infility Global plugin <= 2.15.06 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.06.
9.3
CVE-2025-48122 - WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light plugin <= 2.4.37 - SQβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows SQL Injection.This issue affects Spreadβ¦