6.5
CVE-2025-31758 - WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerabiβ¦
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
6.4
CVE-2025-31746 - WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Think201 Clients clients allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clients: from n/a through <= 1.1.4.
6.4
CVE-2025-31739 - WordPress Minimalistic Event Manager plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a through <= 1.1.1.
6.5
CVE-2025-31736 - WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
6.5
CVE-2025-31729 - WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability
Missing Authorization vulnerability in jeffikus WooTumblog woo-tumblog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooTumblog: from n/a through <= 2.1.4.
7.1
CVE-2025-31626 - WordPress Support Helpdesk Ticket System Lite plugin <= 4.5.2 - Reflected Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2.
6.5
CVE-2025-31622 - WordPress Advanced Typekit plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit advanced-typekit allows Stored XSS.This issue affects Advanced Typekit: from n/a through <= 1.0.1.
7.1
CVE-2025-31582 - WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through <= 2.4.
6.5
CVE-2025-31581 - WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability
Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist wp-video-playlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Video Playlist: from n/a through <= 1.1.2.
7.1
CVE-2025-31573 - WordPress PeproDev CF7 Database plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database pepro-cf7-database allows Stored XSS.This issue affects PeproDev CF7 Database: from n/a through <= 2.0.0.