5.4
CVE-2025-31791 - WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Oliver Boyers Pin Generator pin-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pin Generator: from n/a through <= 2.0.0.
6.5
CVE-2025-31790 - WordPress Posten plugin <= 0.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binsaifullah Posten posten-post-blocks allows DOM-Based XSS.This issue affects Posten: from n/a through <= 0.0.1.
5.3
CVE-2025-31788 - WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.3 - Sensitive Dβ¦
Insertion of Sensitive Information into Log File vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Retrieve Embedded Sensitive Data.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debβ¦
4.3
CVE-2025-31787 - WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
5.3
CVE-2025-31786 - WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through <= 2.8.4.
5.4
CVE-2025-31785 - WordPress Clearbit Reveal plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Clearbit Clearbit Reveal clearbit allows Cross Site Request Forgery.This issue affects Clearbit Reveal: from n/a through <= 1.0.6.
4.3
CVE-2025-31784 - WordPress Embed Extended β Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended embed-extended allows Cross Site Request Forgery.This issue affects Embed Extended: from n/a through <= 1.4.0.
6.5
CVE-2025-31783 - WordPress Leartes TRY Exchange Rates Plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leartes.NET Leartes TRY Exchange Rates leartes-try-exchange-rates allows Stored XSS.This issue affects Leartes TRY Exchange Rates: from n/a through <= 2.1.
5.4
CVE-2025-31782 - WordPress mb.YTPlayer plugin <= 3.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pupunzi mb.YTPlayer wpmbytplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mb.YTPlayer: from n/a through <= 3.3.8.
4.3
CVE-2025-31781 - WordPress Gift Cards for WooCommerce plugin <= 1.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in ahmadshyk Gift Cards for WooCommerce woo-giftcards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Cards for WooCommerce: from n/a through <= 1.5.8.