8.8
CVE-2025-30891 - WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through <= 1.8.7.
7.5
CVE-2025-30890 - WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member login-widget-for-ultimate-member allows PHP Local File Inclusion.This issue affects Login Widget for Ultimate Member: from n/a throuβ¦
4.3
CVE-2025-30888 - WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forβ¦
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.1.
5.3
CVE-2025-30887 - WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.
4.7
CVE-2025-30885 - WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through <= 2.18.0.
4.7
CVE-2025-30884 - WordPress Bit Integrations plugin <= 2.4.10 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations bit-integrations allows Phishing.This issue affects Bit Integrations: from n/a through <= 2.4.10.
4.3
CVE-2025-30883 - WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in richplugins Trust.Reviews fb-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trust.Reviews: from n/a through <= 2.3.
4.3
CVE-2025-30881 - WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through <= 2.0.8.
7.6
CVE-2025-30879 - WordPress MC Woocommerce Wishlist plugin <= 1.8.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert allows SQL Injection.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.8.9.
2.7
CVE-2025-30877 - WordPress Quiz Cat plugin <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in fatcatapps Quiz Cat quiz-cat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz Cat: from n/a through <= 3.0.8.