5.4
CVE-2025-68998 - WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery.This issue affects Heateor Social Login: from n/a through <= 1.1.39.
5.3
CVE-2025-68997 - WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.43.
7.5
CVE-2025-68996 - WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 1β¦
4.3
CVE-2025-68995 - WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.
5.3
CVE-2025-68994 - WordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in XforWooCommerce Product Loops for WooCommerce product-loops allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Loops for WooCommerce: from n/a through <= 2.1.2.
5.3
CVE-2025-68993 - WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulβ¦
Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2.
6.5
CVE-2025-68992 - WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through <= 1.6.3.
6.5
CVE-2025-68991 - WordPress BWL Pro Voting Manager plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
8.5
CVE-2025-68990 - WordPress BWL Pro Voting Manager plugin <= 1.4.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
4.3
CVE-2025-68989 - WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.9.68 - Sensitive Data Exposure vulneraβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson contact-form-7-mailchimp-extension contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects contact-form-7-mailchimp-extension: from n/a through <= 0.9.68.