9.8
CVE-2025-28961 - WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7.
8.6
CVE-2025-28965 - WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7.
9.3
CVE-2025-28982 - WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3.
7.5
CVE-2025-29000 - WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8.
10
CVE-2025-29009 - WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload V…
Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.
9.3
CVE-2025-30936 - WordPress Torod plugin <= 1.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9.
9.8
CVE-2025-30949 - WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through 1.0.4.
7.1
CVE-2025-30955 - WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects ListingEasy: from n/a through 1.9.2.
6.5
CVE-2025-30959 - WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2.
9.8
CVE-2025-30973 - WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a through 1.4.3.