0.0
CVE-2025-30905 - WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scriptingβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <β¦
0.0
CVE-2025-30892 - WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through <= 1.8.7.
0.0
CVE-2025-30853 - WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.10.0.
0.0
CVE-2025-30852 - WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: from n/a through <= 1.2.1.
6.1
CVE-2025-30844 - WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
0.0
CVE-2025-30841 - WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through <= 2.8.8.
0.0
CVE-2025-30825 - WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability
Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5.
0.0
CVE-2025-30807 - WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration nextcart-woocommerce-migration allows SQL Injection.This issue affects Next-Cart Store to WooCommerce Migration: from n/a through <= 3.9.4.
0.0
CVE-2025-30778 - WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.1.9.
0.0
CVE-2025-30580 - WordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in kellydiek DigiWidgets Image Editor digiwidgets-image-editor allows Remote Code Inclusion.This issue affects DigiWidgets Image Editor: from n/a through <= 1.10.