8.5
CVE-2025-68881 - WordPress AppExperts plugin <= 1.4.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through <= 1.4.5.
7.1
CVE-2025-68871 - WordPress Dooodl plugin <= 2.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.
9.8
CVE-2025-68869 - WordPress LazyTasks plugin <= 1.2.37 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37.
7.1
CVE-2025-68866 - WordPress Dinatur plugin <= 1.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.
7.1
CVE-2025-68864 - WordPress Infility Global plugin <= 2.15.06 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.06.
7.1
CVE-2025-68859 - WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through <= 3.0.83.3.
7.1
CVE-2025-68858 - WordPress wpCAS plugin <= 1.07 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.
9.3
CVE-2025-68857 - WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15.
7.1
CVE-2025-68849 - WordPress Quote Master plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.
7.1
CVE-2025-68839 - WordPress Easy Theme Options plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.