5.9
CVE-2025-30904 - WordPress Chartify plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7.
6.5
CVE-2025-30903 - WordPress SyntaxHighlighter Evolved plugin <= 3.7.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Mills SyntaxHighlighter Evolved syntaxhighlighter allows DOM-Based XSS.This issue affects SyntaxHighlighter Evolved: from n/a through <= 3.7.1.
6.5
CVE-2025-30900 - WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulne…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0.
5.9
CVE-2025-30899 - WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.
6.5
CVE-2025-30898 - WordPress افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) plugin <= 4.2.3 - Cross Site S…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahdi Yousefi [MahdiY] افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) persian-woocommerce-shipping allows Stored XSS.This issue affects افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پی…
4.3
CVE-2025-30897 - WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability
Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.5.1.
5.4
CVE-2025-30896 - WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4.
7.5
CVE-2025-30895 - WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through <= 4.2.9.
4.3
CVE-2025-30894 - WordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerability
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.79.262.
6.5
CVE-2025-30893 - WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through <= 3.0.2.