7.5
CVE-2025-54021 - WordPress Simple File List <= 6.1.14 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal. This issue affects Simple File List: from n/a through 6.1.14.
6.5
CVE-2025-54025 - WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0.
7.1
CVE-2025-54027 - WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.0.
7.5
CVE-2025-54028 - WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2.
8.1
CVE-2025-54031 - WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.
7.1
CVE-2025-54032 - WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.
7.5
CVE-2025-54034 - WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10.
6.5
CVE-2025-54040 - WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20.
7.1
CVE-2025-54044 - WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.
6.5
CVE-2025-54046 - WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.