5.4
CVE-2025-48135 - WordPress Aptivada for WP plugin <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP aptivada-for-wp allows DOM-Based XSS.This issue affects Aptivada for WP: from n/a through <= 2.0.0.
7.2
CVE-2025-48134 - WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.
5.4
CVE-2025-48132 - WordPress X Addons for Elementor plugin <= 1.0.16 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Stored XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.16.
0.0
CVE-2025-48131 - WordPress UltraAddons Elementor Lite plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through <= 2.0.2.
0.0
CVE-2025-48128 - WordPress Sharespine Woocommerce Connector plugin <= 4.7.55 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector: from n/a through <= 4.7.55.
0.0
CVE-2025-48127 - WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerabβ¦
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3.
0.0
CVE-2025-48121 - WordPress WP Notes Widget plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through <= 1.0.6.
0.0
CVE-2025-48120 - WordPress MapSVG Lite plugin <= 8.6.9 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through <= 8.6.9.
0.0
CVE-2025-48119 - WordPress RS WP Book Showcase plugin <= 6.7.59 - Content Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows Code Injection.This issue affects RS WP Book Showcase: from n/a through <= 6.7.59.
0.0
CVE-2025-48117 - WordPress WooCommerce POS plugin <= 1.7.8 - Broken Access Control Vulnerability
Missing Authorization vulnerability in kilbot WooCommerce POS woocommerce-pos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce POS: from n/a through <= 1.7.8.