8.8
CVE-2025-30846 - WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local File Inclusion.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.4.
7.5
CVE-2025-30845 - WordPress The Pack Elementor addons plugin <= 2.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1.
7.6
CVE-2025-30843 - WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through <= 1.1.0.34.
4.3
CVE-2025-30842 - WordPress Christmas Panda plugin <= 1.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through <= 1.0.4.
5.3
CVE-2025-30839 - WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.2.1.
6.5
CVE-2025-30838 - WordPress Cozy Blocks plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows Stored XSS.This issue affects Cozy Blocks: from n/a through <= 2.1.6.
6.5
CVE-2025-30836 - WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <= 5.1.6.
4.3
CVE-2025-30833 - WordPress Verge3D Publishing and E-Commerce Plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulโฆ
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery.This issue affects Verge3D: from n/a through <= 4.8.2.
6.5
CVE-2025-30832 - WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows DOM-Based XSS.This issue affects Themify Event Post: from n/a through <= 1.3.2.
7.5
CVE-2025-30831 - WordPress Themify Event Post Plugin <= 1.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post themify-event-post allows PHP Local File Inclusion.This issue affects Themify Event Post: from n/a through <= 1.3.2.