6.5
CVE-2025-47529 - WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settin…
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Bu…
9.8
CVE-2025-47530 - WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18.
9.8
CVE-2025-47532 - WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection …
Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through <= 1.0.17.
8.6
CVE-2025-47535 - WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.2.0.
9.8
CVE-2025-47539 - WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26.
7.5
CVE-2025-47541 - WordPress Mail Mint plugin <= 1.17.7 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7.
7.5
CVE-2025-47558 - WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through < 8.6.13.
9.8
CVE-2025-47568 - WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91.
8.5
CVE-2025-47575 - WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.
9.3
CVE-2025-47599 - WordPress Facturante plugin <= 1.11 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection.This issue affects Facturante: from n/a through <= 1.11.