8.8
CVE-2025-47649 - WordPress Open Close WooCommerce Store plugin <= 4.9.9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9.
7.1
CVE-2025-47648 - WordPress Pays β WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnβ¦
Cross-Site Request Forgery (CSRF) vulnerability in axima Pays β WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays β WooCommerce Payment Gateway: from n/a through <= 2.6.
4.3
CVE-2025-47647 - WordPress Sidebar Manager Light plugin <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery.This issue affects Sidebar Manager Light: from n/a through <= 1.18.
4.7
CVE-2025-47644 - WordPress Integrations of Zoho CRM with Elementor form plugin <= 1.0.8 - Open Redirection Vulnerabiβ¦
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form integrations-of-zoho-crm-with-elementor-form allows Phishing.This issue affects Integrations of Zoho CRM with Elementor form: from n/a through <= 1.0.8.
7.6
CVE-2025-47643 - WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2.
7.1
CVE-2025-47639 - WordPress Supertext Translation and Proofreading plugin <= 4.26 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: from n/a through <= 4.26.
5.9
CVE-2025-47638 - WordPress WP Discord Invite plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord Invite: from n/a through <= 2.5.3.
7.5
CVE-2025-47636 - WordPress List category posts plugin <= 0.91.0 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0.
5.5
CVE-2025-47635 - WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery.This issue affects WebinarPress: from n/a through <= 1.33.28.
4.3
CVE-2025-47633 - WordPress Awin β Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regenerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin β Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin β Advertiser Tracking for WooCommerce: from n/a through <= 2.0.0.