5.4
CVE-2025-31859 - WordPress Feedbucket β Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vuβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket β Website Feedback Tool feedbucket allows Cross Site Request Forgery.This issue affects Feedbucket β Website Feedback Tool: from n/a through <= 1.0.6.
6.5
CVE-2025-31857 - WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor addonskit-for-elementor allows Stored XSS.This issue affects Directorist AddonsKit for Elementor: from n/a through <= 1.1.6.
4.3
CVE-2025-31856 - WordPress Export All Post Meta Plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
6.5
CVE-2025-31855 - WordPress SMM API plugin <= 6.0.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API smm-api allows Stored XSS.This issue affects SMM API: from n/a through <= 6.0.31.
4.3
CVE-2025-31854 - WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulneraβ¦
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.
5.9
CVE-2025-31853 - WordPress Smartarget Popup Plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup smartarget-popup allows Stored XSS.This issue affects Smartarget Popup: from n/a through <= 1.5.
4.3
CVE-2025-31852 - WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through <= 8.6.
6.5
CVE-2025-31851 - WordPress Beds24 Online Booking plugin <= 2.0.27 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through <= 2.0.27.
6.5
CVE-2025-31850 - WordPress PDF Generator Addon for Elementor Page Builder plugin <= 2.1.0 - Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder allows Stored XSS.This issue affects PDF Generator Addon for Elementor Page Builder: fβ¦
6.5
CVE-2025-31849 - WordPress Nemesis All-in-One plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One nemesis-all-in-one allows Stored XSS.This issue affects Nemesis All-in-One: from n/a through <= 1.1.3.