5.4
CVE-2025-31826 - WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Cost Of Goods: from n/a through <= 3.2.8.
5.4
CVE-2025-31824 - WordPress WP Optin Wheel Plugin <= 1.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel wp-optin-wheel allows Server Side Request Forgery.This issue affects WP Optin Wheel: from n/a through <= 1.4.7.
6.5
CVE-2025-31823 - WordPress WPoperation Elementor Addons plugin 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons wpop-elementor-addons allows Stored XSS.This issue affects WPoperation Elementor Addons: from n/a through <= 1.1.9.
5.3
CVE-2025-31822 - WordPress WordPress Simple HTML Sitemap plugin <= 3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5.
4.7
CVE-2025-31821 - WordPress Integration of Zoho CRM and Contact Form 7 plugin <= 1.0.6 - Open Redirection Vulnerabiliβ¦
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6.
4.3
CVE-2025-31820 - WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.4.
6.5
CVE-2025-31818 - WordPress ContentBot AI Writer plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentBot.ai ContentBot AI Writer content-bot allows Stored XSS.This issue affects ContentBot AI Writer: from n/a through <= 1.2.4.
6.5
CVE-2025-31817 - WordPress BlockWheels plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWheels BlockWheels blockwheels allows DOM-Based XSS.This issue affects BlockWheels: from n/a through <= 1.0.2.
5.4
CVE-2025-31816 - WordPress Mobile App Canvas Plugin <= 3.8.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in pietro Mobile App Canvas mobile-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile App Canvas: from n/a through <= 3.8.2.
6.5
CVE-2025-31815 - WordPress Design Blocks plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from n/a through <= 1.2.5.