6.5
CVE-2025-50039 - WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0.
7.2
CVE-2025-52718 - WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.
7.1
CVE-2025-52776 - WordPress Video List Manager <= 1.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager allows Stored XSS. This issue affects Video List Manager: from n/a through 1.7.
7.1
CVE-2025-52796 - WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.
7.1
CVE-2025-52798 - WordPress JobSearch <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.9.0.
7.5
CVE-2025-52805 - WordPress Leyka <= 3.31.9 - Local File Inclusion Vulnerability
Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
8.1
CVE-2025-52807 - WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through 1.45.
8.1
CVE-2025-52813 - WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
8.8
CVE-2025-52828 - WordPress Red Art <= 3.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection. This issue affects Red Art: from n/a through 3.7.
9.3
CVE-2025-52830 - WordPress bSecure โ Your Universal Checkout <= 1.7.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.