6.5
CVE-2025-31869 - WordPress Black Widgets For Elementor plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through <= 1.3.9.
5.3
CVE-2025-31868 - WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
5.4
CVE-2025-31867 - WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
4.3
CVE-2025-31866 - WordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19.
4.3
CVE-2025-31865 - WordPress CartBoss plugin <= 4.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in CartBoss CartBoss cartboss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartBoss: from n/a through <= 4.1.2.
5.9
CVE-2025-31864 - WordPress Beam me up Scotty β Back to Top Button plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up Scotty: from n/a through <= 1.0.23.
5.3
CVE-2025-31863 - WordPress Agency Toolkit plugin <= 1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Agency Toolkit: from n/a through <= 1.0.24.
5.3
CVE-2025-31862 - WordPress Job Board Manager Plugin <= 2.1.61 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.
6.5
CVE-2025-31861 - WordPress Perfect Font Awesome Integration Plugin <= 2.3 - Stored Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored XSS.This issue affects Perfect Font Awesome Integration: from n/a through <= 2.3.
6.5
CVE-2025-31860 - WordPress WP AdCenter plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.5.8.