7.1
CVE-2025-31078 - WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/…
7.1
CVE-2025-30913 - WordPress Access Areas Plugin <= 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19.
7.1
CVE-2025-30906 - WordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through <= 1.7.3.
7.1
CVE-2025-30905 - WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <…
8.8
CVE-2025-30892 - WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through <= 1.8.7.
5.4
CVE-2025-30853 - WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.10.0.
7.1
CVE-2025-30852 - WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: from n/a through <= 1.2.1.
7.1
CVE-2025-30844 - WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
0.0
CVE-2025-30841 - WordPress Countdown & Clock plugin <=2.8.8 - Remote Code Execution (RCE) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through <= 2.8.8.
8.8
CVE-2025-30825 - WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability
Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5.