5.9
CVE-2025-49862 - WordPress Ebook Store plugin <= 5.8008 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store ebook-store allows Stored XSS.This issue affects Ebook Store: from n/a through <= 5.8008.
6.5
CVE-2025-49863 - WordPress Advanced Sermons plugin <= 3.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Advanced Sermons advanced-sermons allows Stored XSS.This issue affects Advanced Sermons: from n/a through <= 3.6.
5.3
CVE-2025-49864 - WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.
4.3
CVE-2025-49865 - WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.
4.7
CVE-2025-49868 - WordPress Automation By Autonami plugin <= 3.6.0 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.6.0.
5.9
CVE-2025-49871 - WordPress Noptin plugin <= 3.8.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box allows Stored XSS.This issue affects Noptin: from n/a through <= 3.8.7.
5.3
CVE-2025-49872 - WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.
4.3
CVE-2025-49874 - WordPress Arconix FAQ plugin <= 1.9.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in tychesoftwares Arconix FAQ arconix-faq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix FAQ: from n/a through <= 1.9.6.
6.5
CVE-2025-49875 - WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If-So Dynamic Content If-So Dynamic Content Personalization if-so allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through <= 1.9.3.1.
4.9
CVE-2025-49877 - WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Server Side Request Forgery.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.