8.1
CVE-2025-47672 - WordPress miniOrange Discord Integration plugin <= 2.2.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allows PHP Local File Inclusion.This issue affects miniOrange Discord Integration: from n/a through <= 2.β¦
7.1
CVE-2025-47673 - WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.16.
7.1
CVE-2025-47678 - WordPress FunnelCockpit plugin <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Reflected XSS.This issue affects FunnelCockpit: from n/a through <= 1.4.3.
7.1
CVE-2025-47680 - WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags xili-tidy-tags allows Reflected XSS.This issue affects xili-tidy-tags: from n/a through <= 1.12.06.
10
CVE-2025-47687 - WordPress StoreKeeper for WooCommerce plugin <= 14.4.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
8.8
CVE-2025-47690 - WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escβ¦
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1.
7.1
CVE-2025-48241 - WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <= 4.9.3.
7.1
CVE-2025-48245 - WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through <= 8.2.1.
6.5
CVE-2025-48271 - WordPress Leadinfo plugin <= 1.1 - Settings Change Vulnerability
Missing Authorization vulnerability in Leadinfo Leadinfo leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadinfo: from n/a through <= 1.1.
7.5
CVE-2025-48273 - WordPress WP Job Portal plugin <= 2.3.2 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal wp-job-portal allows Path Traversal.This issue affects WP Job Portal: from n/a through <= 2.3.2.