7.1
CVE-2025-68041 - WordPress Omnichannel for WooCommerce plugin <= 1.3.65 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS. This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.
6.5
CVE-2025-68039 - WordPress WP BackItUp plugin <= 2.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP BackItUp: from n/a through <= 2.1.0.
7.5
CVE-2025-68035 - WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data. This issue affects Tabby Checkout: from n/a through <= 5.8.4.
9.3
CVE-2025-68034 - WordPress CleverReach® WP plugin <= 1.5.21 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection. This issue affects CleverReach® WP: from n/a through <= 1.5.21.
7.2
CVE-2025-68030 - WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery. This issue affects Frontis Blocks: from n/a through <= 1.1.5.
7.3
CVE-2025-68027 - WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation. This issue affects Hydra Booking: from n/a through <= 1.1.32.
6.5
CVE-2025-68020 - WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notifier: from n/a through <= 2.7.13.
6.5
CVE-2025-68019 - WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Booster: from n/a through <= 6.1.8.
9.4
CVE-2025-68018 - WordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in StackWC Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Listener for WooCommerce: from n/a through <= 3.6.1.
7.5
CVE-2025-68017 - WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection. This issue affects Antideo Email Validator: from n/a through <= 1.0.10.