7.1
CVE-2025-39567 - WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.8.
7.5
CVE-2025-39568 - WordPress StoreContrl Woocommerce plugin <= 4.1.3 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce storecontrl-wp-connection allows Path Traversal.This issue affects StoreContrl Woocommerce: from n/a through <= 4.1.3.
8.5
CVE-2025-39569 - WordPress Taskbuilder plugin <= 4.0.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection.This issue affects Taskbuilder: from n/a through <= 4.0.1.
5.8
CVE-2025-39580 - WordPress Dashi plugin <= 3.1.8 - Broken Access Control Vulnerability
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
7.1
CVE-2025-39583 - WordPress BERTHA AI plugin <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in Bertha AI โ Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.12.10.2.
8.5
CVE-2025-39586 - WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.
9.3
CVE-2025-39587 - WordPress Cost Calculator Builder plugin <= 3.2.65 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65.
9.8
CVE-2025-39588 - WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vโฆ
Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.4.0.
7.1
CVE-2025-39594 - WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.4 - Reflected Cross Site Scripting (โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter bft-autoresponder allows Reflected XSS.This issue affects Arigato Autoresponder and Newsletter: from n/a through <= 2.7.2.4.
9.3
CVE-2025-39595 - WordPress Quentn WP plugin <= 1.2.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows SQL Injection.This issue affects Quentn WP: from n/a through <= 1.2.8.