7.1
CVE-2025-22628 - WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision Filled In filled-in allows Stored XSS.This issue affects Filled In: from n/a through <= 1.9.2.
5.3
CVE-2025-22629 - WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through <= 1.2.2.
5.4
CVE-2025-22634 - WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked β Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked β Appointment Booking and Scheduling Management System for WordPresβ¦
4.3
CVE-2025-22637 - WordPress Print PDF Generator and Publisher plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.2.0.
6.5
CVE-2025-22638 - WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce allows Stored XSS.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.3.
5.9
CVE-2025-22640 - WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through <= 2.3.3.
6.5
CVE-2025-22644 - WordPress Vayu Blocks β Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks β Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XSS.This issue affects Vayu Blocks β Gutenberg Blocks for WordPress & WooCommerce: from n/a through <=β¦
6.5
CVE-2025-22646 - WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through <= 1.0.8.
4.3
CVE-2025-22647 - WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress β¦
7.2
CVE-2025-30067 - Apache Kylin: The remote code execution via jdbc url
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system aβ¦