6.5
CVE-2025-22670 - WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerabiβ¦
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.7.2.
4.3
CVE-2025-22671 - WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation disable-elementor-editor-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through <= 1.0.2.
4.3
CVE-2025-22673 - WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through <= 5.3.5.
4.9
CVE-2025-22672 - WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (β¦
Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Server Side Request Forgery.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.2.
5.4
CVE-2025-22770 - WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.
7.1
CVE-2025-25086 - WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS.This issue affects Secret Meta: from n/a through <= 1.2.1.
5.3
CVE-2025-27793 - Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code wheβ¦
6.5
CVE-2025-22816 - WordPress Power Mag theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetrendy Power Mag power-mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through <= 1.1.5.
7.1
CVE-2025-25100 - WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba cazamba allows Reflected XSS.This issue affects Cazamba: from n/a through <= 1.2.
4.4
CVE-2025-2867 - Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized userβ¦