7.6
CVE-2025-24587 - WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23.
2.8
CVE-2024-35122 - IBM i denial of service
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
4.3
CVE-2025-24736 - WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability
Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through <= 2.35.
6.5
CVE-2025-24746 - WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Popup Maker popup-maker allows Stored XSS.This issue affects Popup Maker: from n/a through <= 1.20.2.
6.5
CVE-2025-24755 - WordPress PDF Invoice Builder for WooCommerce plugin <= 4.6.0 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Stored XSS.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 4.6.0.
4.3
CVE-2025-24753 - WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.3.1.
4.3
CVE-2025-24751 - WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in GoDaddy CoBlocks coblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoBlocks: from n/a through <= 3.1.13.
5.4
CVE-2025-24750 - WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.
7.1
CVE-2025-24756 - WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator roi-calculator allows Stored XSS.This issue affects Roi Calculator: from n/a through <= 1.0.
6.5
CVE-2025-24729 - WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.3.