4.3
CVE-2025-28984 - WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.4.1 - Cross Site Request Forgeβ¦
Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1.
5.4
CVE-2025-28985 - WordPress Elastic Email Subscribe Form plugin <= 1.2.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2.
8.2
CVE-2025-28986 - WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5.
5.9
CVE-2025-28989 - WordPress Read More Login plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login read-more-login allows Stored XSS.This issue affects Read More Login: from n/a through <= 2.0.3.
4.3
CVE-2025-28994 - WordPress Viral Loops WP Integration plugin <= 3.8.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
5.3
CVE-2025-28995 - WordPress Viral Loops WP Integration plugin <= 3.8.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
4.3
CVE-2025-28996 - WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Thad Allender GPP Slideshow gpp-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GPP Slideshow: from n/a through <= 1.3.5.
5.3
CVE-2025-28997 - WordPress WP AutoKeyword plugin <= 1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
6.5
CVE-2025-29003 - WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through <= 1.18.2.1.
4.3
CVE-2025-29005 - WordPress HR Management Lite plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6.