5.3
CVE-2025-48282 - WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.0.
7.6
CVE-2025-48280 - WordPress AutomatorWP plugin <= 5.2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection.This issue affects AutomatorWP: from n/a through <= 5.2.1.3.
8.5
CVE-2025-48278 - WordPress RSVPMarker plugin <= 11.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through <= 11.5.6.
5.9
CVE-2025-48277 - WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.74.
6.5
CVE-2025-48276 - WordPress Visual Composer Website Builder plugin <= 45.11.0 - Cross Site Scripting (XSS) Vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through <= 45.11.0.
5.3
CVE-2025-48272 - WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.
6.5
CVE-2025-48270 - WordPress SKT Blocks plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows DOM-Based XSS.This issue affects SKT Blocks: from n/a through <= 2.2.
6.5
CVE-2025-48269 - WordPress WPAdverts plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.3.
4.3
CVE-2025-48268 - WordPress Bot for Telegram on WooCommerce plugin <= 1.2.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6.
6.5
CVE-2025-48266 - WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.8 - Cross Site Scripting (XSS) Vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Stored XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.6.8.