4.3
CVE-2025-62078 - WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through <= 3.0.0.
4.3
CVE-2025-49339 - WordPress Direct Payments WP plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
4.3
CVE-2025-49340 - WordPress Direct Payments WP plugin <= 1.3.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
4.3
CVE-2025-62083 - WordPress BoomDevs WordPress Coming Soon plugin plugin <= 1.0.4 - Sensitive Data Exposure vulnerabiβ¦
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon coming-soon-by-boomdevs allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon: from n/a through <= 1.0.4.
4.3
CVE-2025-62113 - WordPress Co-marquage service-public.fr plugin <= 0.5.77 - Cross Site Request Forgery (CSRF) vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.fr co-marquage-service-public allows Cross Site Request Forgery.This issue affects Co-marquage service-public.fr: from n/a through <= 0.5.77.
4.3
CVE-2025-62115 - WordPress Hide Plugins plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeBoy Hide Plugins hide-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide Plugins: from n/a through <= 1.0.4.
4.3
CVE-2025-62123 - WordPress WP Gmail SMTP plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
4.3
CVE-2025-49352 - WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object Reβ¦
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a β¦
4.3
CVE-2025-62087 - WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dashboard: from n/a through <= 1.2.4.
4.3
CVE-2025-63040 - WordPress Post Snippets plugin <= 4.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.