4.3
CVE-2025-30923 - WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce gift-message-for-woocommerce allows Cross Site Request Forgery.This issue affects Gift Message for WooCommerce: from n/a through <= 1.7.8.
6.5
CVE-2025-30922 - WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simplebooklet Simplebooklet PDF Viewer and Embedder simplebooklet allows Stored XSS.This issue affects Simplebooklet PDF Viewer and Embedder: from n/a through <= 1.1.1.
7.6
CVE-2025-30921 - WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters newsletters-lite allows SQL Injection.This issue affects Newsletters: from n/a through <= 4.9.9.7.
6.5
CVE-2025-30920 - WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.7.
7.1
CVE-2025-30919 - WordPress Store Locator Widget plugin <= 2025r2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS.This issue affects Store Locator Widget: from n/a through <= 2025r2.
6.5
CVE-2025-30918 - WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon BΓΆhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through <= 1.6.3.
4.4
CVE-2025-30914 - WordPress Metform Elementor Contact Form Builder plugin <= 3.9.7 - Server Side Request Forgery (SSRβ¦
Server-Side Request Forgery (SSRF) vulnerability in Roxnor Metform metform allows Server Side Request Forgery.This issue affects Metform: from n/a through <= 3.9.2.
5.4
CVE-2025-30912 - WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery.This issue affects Float menu: from n/a through <= 6.1.2.
4.3
CVE-2025-30909 - WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.3.
6.5
CVE-2025-30907 - WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.