7.1
CVE-2025-48153 - WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2.
5.3
CVE-2025-48155 - WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.
6.5
CVE-2025-48156 - WordPress Image Wall plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image Wall: from n/a through 3.1.
7.6
CVE-2025-48161 - WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.
5.3
CVE-2025-48166 - WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.
5.4
CVE-2025-48167 - WordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5.
4.4
CVE-2025-48294 - WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. This issue affects FG Drupal to WordPress: from n/a through 3.90.0.
6.5
CVE-2025-48295 - WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.5.
7.6
CVE-2025-48299 - WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects YayExtra: from n/a through 1.5.5.
7.6
CVE-2025-48301 - WordPress SMTP for SendGrid โ YaySMTP plugin <= 1.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid โ YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid โ YaySMTP: from n/a through 1.5.