7.1
CVE-2025-30837 - WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through <= 2.6.7.
7.5
CVE-2025-30834 - WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal.This issue affects Bit Assist: from n/a through <= 1.5.4.
7.1
CVE-2025-30827 - WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.5.
7.1
CVE-2025-30808 - WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through <= 1.6.2.
4.3
CVE-2025-30802 - WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members.This issue affects Our Team Members: from n/a through <= 2.2.
7.1
CVE-2025-30798 - WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Reflected XSS.This issue affects Better WishList API: from n/a through <= 1.1.4.
7.5
CVE-2025-30797 - WordPress Greek Multi Tool โ Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Bโฆ
Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool โ Fix peralinks, accents, auto create menus and more greek-multi-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greek Multi Tool โ Fix peralinks, accents, auto create menus and more: โฆ
7.1
CVE-2025-30796 - WordPress The Ultimate WordPress Toolkit โ WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSSโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit โ WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit โ WP Extended: from n/a through <= 3.0.14.
7.1
CVE-2025-30794 - WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Event Tickets event-tickets allows Reflected XSS.This issue affects Event Tickets: from n/a through <= 5.20.0.
7.5
CVE-2025-30793 - WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal.This issue affects Houzez Property Feed: from n/a through <= 2.5.4.