8.8
CVE-2025-62886 - WordPress Pricing Table builder plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.1.
6.5
CVE-2025-62885 - WordPress WP VR plugin <= 8.5.42 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.42.
5.3
CVE-2025-62884 - WordPress Coupon Affiliates plugin <= 7.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.0.3.
4.3
CVE-2025-62883 - WordPress Premmerce User Roles plugin <= 1.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
4.3
CVE-2025-62882 - WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
4.3
CVE-2025-62881 - WordPress WP-Lister Lite for eBay plugin <= 3.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3.
5.3
CVE-2025-12202 - ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery
A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been releasβ¦
5.1
CVE-2025-12201 - ajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted upload
A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. Itβ¦
4.8
CVE-2025-12200 - dnsmasq Config File option.c parse_dhcp_opt null pointer dereference
A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit hasβ¦
4.8
CVE-2025-12199 - dnsmasq Config File network.c check_servers null pointer dereference
A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been madeβ¦