5.3
CVE-2025-68993 - WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulβ¦
Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2.
6.5
CVE-2025-68992 - WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through <= 1.6.3.
6.1
CVE-2025-68991 - WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
9.8
CVE-2025-68990 - WordPress BWL Pro Voting Manager plugin <= 1.4.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
7.5
CVE-2025-68989 - WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.9.68 - Sensitive Data Exposure vulneraβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68.
7.5
CVE-2025-68988 - WordPress E-Invoice App Malaysia plugin <= 1.3.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.3.0.
9.8
CVE-2025-68987 - WordPress Cinerama theme <= 2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion.This issue affects Cinerama: from n/a through <= 2.9.
9.8
CVE-2025-68985 - WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.
9.8
CVE-2025-68984 - WordPress Puca theme <= 2.6.39 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39.
9.8
CVE-2025-68983 - WordPress Greenmart theme <= 4.2.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.