7.6
CVE-2025-39370 - WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n/a through <= 1.8.3.
6.5
CVE-2025-39369 - WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through <= 2.1.
5.3
CVE-2025-39368 - WordPress Rootspersona plugin <= 3.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in ed4becky Rootspersona rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through <= 3.7.5.
6.9
CVE-2025-4940 - 1000 Projects Daily College Class Work Report Book admin_info.php sql injection
A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. Tβ¦
5.3
CVE-2025-39353 - WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.
4.3
CVE-2025-39351 - WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Cross Site Request Forgery.This issue affects Grand Restaurant: from n/a through <= 7.0.
7.5
CVE-2025-39364 - WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerabilβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-pluginever allows PHP Local File Inclusion.This issue affects Product Category Slider for WooCommerce: fβ¦
8.8
CVE-2025-47576 - WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerabiliβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5.
5.4
CVE-2025-47583 - WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery.This issue affects Salon booking system: from n/a through <= 10.16.
6.5
CVE-2025-32920 - WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.