9.3
CVE-2025-24667 - WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes β Worldwide Express Edition small-package-quotes-wwe-edition allows SQL Injection.This issue affects Small Package Quotes β Worldwide Express Edition: from n/β¦
9.3
CVE-2025-24665 - WordPress Small Package Quotes Plugin <= 2.4.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes β Unishippers Edition small-package-quotes-unishippers-edition allows SQL Injection.This issue affects Small Package Quotes β Unishippers Edition: from n/a thβ¦
5.3
CVE-2025-24662 - WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnDash LMS: from n/a through 4.20.0.1.
4.3
CVE-2025-24653 - WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerabiβ¦
Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.
0.0
CVE-2025-24628 - WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing.This issue affects Google Captcha: from n/a through <= 1.78.
7.1
CVE-2025-24626 - WordPress Music Store β WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through <= 1.1.19.
0.0
CVE-2025-24606 - WordPress Client Invoicing by Sprout Invoices β Easy Estimates and Invoices for WordPress plugin <=β¦
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.
4.3
CVE-2025-24603 - WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerβ¦
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Print Barcode Labels for your WooCommerce products/orders a4-barcode-generator.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through <= 3.4.10.
5.3
CVE-2025-24600 - WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through <= 11.4.5.
7.1
CVE-2025-24593 - WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.