7.5
CVE-2025-68983 - WordPress Greenmart theme <= 4.2.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.
5.3
CVE-2025-68982 - WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.
5.3
CVE-2025-68981 - WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.
5.3
CVE-2025-68980 - WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
5.3
CVE-2025-68979 - WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulneraβ¦
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9.
6.5
CVE-2025-68978 - WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.
6.5
CVE-2025-68977 - WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
5.4
CVE-2025-68976 - WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
4.3
CVE-2025-68975 - WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
6.6
CVE-2025-68974 - WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <=β¦