5.3

CVSS3.1

CVE-2025-47479 - WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability

Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.3

CVSS3.1

CVE-2025-47565 - WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through 4.9.9.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.5

CVSS3.1

CVE-2025-47627 - WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.5

CVSS3.1

CVE-2025-47634 - WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability

Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.5

CVSS3.1

CVE-2025-48231 - WordPress Booking Calendar Contact Form <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.58.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-49245 - WordPress Testimonials Showcase plugin <= 1.9.16 - Reflected Cross Site Scripting (XSS) vulnerabili…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase allows Reflected XSS. This issue affects Testimonials Showcase: from n/a through 1.9.16.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-49247 - WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase allows DOM-Based XSS. This issue affects Team Showcase: from n/a through n/a.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-49274 - WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awplife Neom Blog allows Reflected XSS. This issue affects Neom Blog: from n/a through 0.0.9.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

10

CVSS3.1

CVE-2025-49302 - WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.8

CVSS3.1

CVE-2025-49303 - WordPress Frontend Admin by DynamiApps <= 3.28.7 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.7.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

CVE Authored by @h3xecute

5.3

CVE-2025-47479 - WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability

6.3

CVE-2025-47565 - WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

7.5

CVE-2025-47627 - WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability

6.5

CVE-2025-47634 - WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability

6.5

CVE-2025-48231 - WordPress Booking Calendar Contact Form <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability

7.1

CVE-2025-49245 - WordPress Testimonials Showcase plugin <= 1.9.16 - Reflected Cross Site Scripting (XSS) vulnerabili…

7.1

CVE-2025-49247 - WordPress Team Showcase plugin < 25.05.13 - Reflected Cross Site Scripting (XSS) vulnerability

7.1

CVE-2025-49274 - WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

10

CVE-2025-49302 - WordPress Easy Stripe <= 1.1 - Remote Code Execution (RCE) Vulnerability

6.8

CVE-2025-49303 - WordPress Frontend Admin by DynamiApps <= 3.28.7 - Arbitrary File Download Vulnerability