0.0
CVE-2025-43840 - WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS.This issue affects CheckBot: from n/a through <= 1.05.
0.0
CVE-2025-46262 - WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress mad-mimi allows Stored XSS.This issue affects Mad Mimi for WordPress: from n/a through <= 1.5.1.
0.0
CVE-2025-46263 - WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lloyd Saunders Author Box After Posts author-box-after-posts allows Stored XSS.This issue affects Author Box After Posts: from n/a through <= 1.6.
0.0
CVE-2025-46543 - WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CharlyLeetham Enhanced Paypal Shortcodes enhanced-paypal-shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through <= 0.5a.
6.9
CVE-2025-4941 - PHPGurukul Credit Card Application Management System index.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. Theβ¦
5.3
CVE-2025-39394 - WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.
0.0
CVE-2025-26920 - WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.
5.3
CVE-2025-26867 - WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
5.3
CVE-2025-39388 - WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
0.0
CVE-2025-39376 - WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress car-park-booking-system-for-wordpress.This issue affects Car Park Booking System for WordPress: from n/a through <= 2.6.