6.9
CVE-2025-4941 - PHPGurukul Credit Card Application Management System index.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. Theβ¦
5.3
CVE-2025-39394 - WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.
5.4
CVE-2025-26920 - WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.
5.3
CVE-2025-26867 - WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
5.3
CVE-2025-39388 - WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
4.3
CVE-2025-39376 - WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress car-park-booking-system-for-wordpress.This issue affects Car Park Booking System for WordPress: from n/a through <= 2.6.
4.3
CVE-2025-39375 - WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator easy-child-theme-creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through <= 1.3.1.
7.1
CVE-2025-39374 - WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary best-posts-summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through <= 1.0.
5.3
CVE-2025-39373 - WordPress JNews Theme <= 11.6.16 - Broken Access Control Vulnerability
Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16.
4.3
CVE-2025-39371 - WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgeryβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description author-box-with-different-description allows Cross Site Request Forgery.This issue affects Author Box Plugin With Different Description: from n/a through <= 1.3.5.