8.8
CVE-2025-39493 - WordPress Rankie plugin < 1.8.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rankie: from n/a through < 1.8.2.
8.8
CVE-2025-39507 - WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through < 6.4.4.
5.4
CVE-2025-39509 - WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook pdf-viewer-for-wordpress allows Stored XSS.This issue affects TNC FlipBook: from n/a through <= 12.1.0.
0.0
CVE-2025-39511 - WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0.
0.0
CVE-2025-39537 - WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce woo-better-customer-list allows Reflected XSS.This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3.
0.0
CVE-2025-46464 - WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS.This issue affects Ads Pro: from n/a through <= 5.0.
0.0
CVE-2025-47534 - WordPress Wordpress Auto Spinner plugin <= 3.25.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordpress Auto Spinner: from n/a through <= 3.25.0.
0.0
CVE-2025-47556 - WordPress CSS3 Compare Pricing Tables for WordPress plugin <= 11.6 - Broken Access Control Vulnerabβ¦
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress css3_web_pricing_tables_grids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through <= 11.6.
0.0
CVE-2025-47557 - WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through <= 8.5.31.
0.0
CVE-2025-47560 - WordPress MapSVG plugin < 8.6.13 - Broken Access Control Vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through < 8.6.13.