8.1
CVE-2025-54031 - WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.
7.1
CVE-2025-54032 - WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.
7.5
CVE-2025-54034 - WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10.
6.5
CVE-2025-54040 - WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20.
7.1
CVE-2025-54044 - WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.
6.5
CVE-2025-54046 - WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.
9.3
CVE-2025-54048 - WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2.
9.9
CVE-2025-54049 - WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
7.5
CVE-2025-54052 - WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin allows PHP Local File Inclusion. This issue affects Realtyna Organic IDX plugin: from n/a through 5.0.0.
6.6
CVE-2025-54053 - WordPress Groundhogg <= 4.2.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2.