5.3
CVE-2025-31066 - WordPress Acerola theme <= 1.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5.
4.3
CVE-2025-31068 - WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
5.3
CVE-2025-31071 - WordPress HotStar β Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton HotStar β Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar β Multi-Purpose Business Theme: from n/a through 1.4.
5.3
CVE-2025-31630 - WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
8.5
CVE-2025-31637 - WordPress SHOUT plugin <= 3.5.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3.
4.3
CVE-2025-31639 - WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.
8.5
CVE-2025-31640 - WordPress Magic Responsive Slider and Carousel WordPress plugin < 1.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic-carousel allows SQL Injection.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through < 1.6.
8.5
CVE-2025-31641 - WordPress UberSlider plugin <= 2.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
5.4
CVE-2025-31915 - WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSβ¦
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.
4.3
CVE-2025-31921 - WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.