0.0
CVE-2025-39548 - WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through <= 1.1.17.
0.0
CVE-2025-39549 - WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Stored XSS.This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.20.
0.0
CVE-2025-39552 - WordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.200.
0.0
CVE-2025-39555 - WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.
0.0
CVE-2025-39556 - WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine Control Panel: from n/a through <= 2.10.6.
0.0
CVE-2025-39557 - WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14.
0.0
CVE-2025-39560 - WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
0.0
CVE-2025-39563 - WordPress Conditional Payments for WooCommerce plugin <= 3.3.0 - Cross Site Request Forgery (CSRF) β¦
Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce conditional-payments-for-woocommerce allows Cross Site Request Forgery.This issue affects Conditional Payments for WooCommerce: from n/a through <= 3.3.0.
0.0
CVE-2025-39564 - WordPress Conditional Shipping for WooCommerce plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) β¦
Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce conditional-shipping-for-woocommerce allows Cross Site Request Forgery.This issue affects Conditional Shipping for WooCommerce: from n/a through <= 3.4.0.
7.2
CVE-2025-39565 - WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.