8.8
CVE-2025-49382 - WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulโฆ
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through 2.0.
6.5
CVE-2025-49389 - WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3.
4.3
CVE-2025-49391 - WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3.
5.9
CVE-2025-49392 - WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Audio Dock allows Stored XSS. This issue affects Themify Audio Dock: from n/a through 2.0.5.
6.5
CVE-2025-49395 - WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3.
4.3
CVE-2025-49396 - WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themifyme Themify Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through 7.6.7.
6.5
CVE-2025-49397 - WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox allows Stored XSS. This issue affects Colorbox Lightbox: from n/a through 1.1.5.
8.8
CVE-2025-49399 - WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3.
6.5
CVE-2025-49400 - WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 8.2 - Cross Site Scripting (XSS) Vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2.
5.3
CVE-2025-49406 - WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.