7.1
CVE-2025-31573 - WordPress PeproDev CF7 Database plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database pepro-cf7-database allows Stored XSS.This issue affects PeproDev CF7 Database: from n/a through <= 2.0.0.
0.0
CVE-2025-31558 - WordPress TailPress plugin <= 0.4.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress tailpress allows Retrieve Embedded Sensitive Data.This issue affects TailPress: from n/a through <= 0.4.4.
5.9
CVE-2025-31554 - WordPress Docxpresso plugin <= 2.6 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through <= 2.6.
6.5
CVE-2025-31541 - WordPress TuriTop Booking System plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
7.1
CVE-2025-31536 - WordPress CF7 Spreadsheets plugin <= 2.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Reflected XSS.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
7.1
CVE-2025-31468 - WordPress WP_Identicon plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottsm WP_Identicon wp-identicon allows Reflected XSS.This issue affects WP_Identicon: from n/a through <= 2.0.
7.1
CVE-2025-31467 - WordPress Flickr Photostream plugin <= 3.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS.This issue affects Flickr Photostream: from n/a through <= 3.1.8.
7.1
CVE-2025-31442 - WordPress Search engine keywords highlighter plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e1tekoap42 Search engine keywords highlighter keywords-highlight-tool allows Reflected XSS.This issue affects Search engine keywords highlighter: from n/a through <= 0.1.3.
7.1
CVE-2025-31436 - WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Sβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a thrβ¦
7.5
CVE-2025-31098 - WordPress DeBounce Email Validator plugin <= 5.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows PHP Local File Inclusion.This issue affects DeBounce Email Validator: from n/a through <= 5.7.