6.5
CVE-2025-26922 - WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart auramart allows Stored XSS.This issue affects AuraMart: from n/a through <= 2.0.7.
6.5
CVE-2025-26923 - WordPress Event post plugin <= 5.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through <= 5.9.8.
5.9
CVE-2025-26929 - WordPress Accounting for WooCommerce plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Accounting for WooCommerce accounting-for-woocommerce allows Stored XSS.This issue affects Accounting for WooCommerce: from n/a through <= 1.6.8.
9.3
CVE-2025-26941 - WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18.
8.1
CVE-2025-26986 - WordPress Pearl Theme < 3.4.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Pearl - Corporate Business pearl allows PHP Local File Inclusion.This issue affects Pearl - Corporate Business: from n/a through < 3.4.8.
7.1
CVE-2025-27014 - WordPress Hostiko Theme < 30.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1.
7.5
CVE-2025-27015 - WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion.This issue affects Hostiko: from n/a through < 30.1.
9.3
CVE-2025-30524 - WordPress Product Catalog plugin <= 1.0.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog: from n/a through <= 1.0.4.
9.3
CVE-2025-28942 - WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce trust-payments-hosted-payment-pages-integration allows SQL Injection.This issue affects Trust Payments Gateway for WooCommerce: from n/a througβ¦
8.5
CVE-2025-28939 - WordPress WP Google Calendar Manager plugin <= 2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through <= 2.1.