7.1
CVE-2025-23574 - WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0.
7.1
CVE-2025-23531 - WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.
6.5
CVE-2025-23529 - WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Minterpress: from n/a through <= 1.0.5.
7.1
CVE-2025-22513 - WordPress Simple Locator Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through <= 2.0.4.
4.3
CVE-2025-24754 - WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
8.1
CVE-2025-24685 - WordPress Morkva UA Shipping plugin <= 1.0.18 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
9.3
CVE-2025-24664 - WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes β Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows SQL Injection.This issue affects LTL Freight Quotes β Worldwide Express Edition:β¦
9.3
CVE-2025-24612 - WordPress Shipping for Nova Poshta plugin <= 1.19.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ihor Kit Shipping for Nova Poshta nova-poshta-ttn allows SQL Injection.This issue affects Shipping for Nova Poshta: from n/a through <= 1.19.6.
9.8
CVE-2025-24601 - WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThimPress FundPress fundpress allows Object Injection.This issue affects FundPress: from n/a through <= 2.0.6.
4.3
CVE-2025-24584 - WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.3.0.