0.0
CVE-2025-39543 - WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.977.
0.0
CVE-2025-39544 - WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Path Traversal.This issue affects WP Tools: from n/a through <= 5.18.
0.0
CVE-2025-39545 - WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3.
0.0
CVE-2025-39546 - WordPress ElementsReady Addons for Elementor plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) Vuβ¦
Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.6.2.
0.0
CVE-2025-39547 - WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS.This issue affects Internal Link Optimiser: from n/a through <= 5.1.3.
0.0
CVE-2025-39548 - WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through <= 1.1.17.
0.0
CVE-2025-39549 - WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Stored XSS.This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.20.
0.0
CVE-2025-39552 - WordPress Zephyr Project Manager plugin <= 3.3.200 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.200.
0.0
CVE-2025-39555 - WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.
0.0
CVE-2025-39556 - WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine Control Panel: from n/a through <= 2.10.6.