4.3
CVE-2025-31068 - WordPress Seven Stars theme <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars sevenstars allows Cross Site Request Forgery.This issue affects Seven Stars: from n/a through <= 1.4.4.
5.3
CVE-2025-31071 - WordPress HotStar β Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton HotStar β Multi-Purpose Business Theme hotstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HotStar β Multi-Purpose Business Theme: from n/a through <= 1.4.
5.3
CVE-2025-31630 - WordPress The Business theme <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton The Business nrgbusiness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Business: from n/a through <= 1.6.1.
8.5
CVE-2025-31637 - WordPress SHOUT plugin <= 3.5.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3.
4.3
CVE-2025-31639 - WordPress Spare theme <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare spare allows Cross Site Request Forgery.This issue affects Spare: from n/a through <= 1.7.
8.5
CVE-2025-31640 - WordPress Magic Responsive Slider and Carousel WordPress plugin < 1.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic-carousel allows SQL Injection.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through < 1.6.
8.5
CVE-2025-31641 - WordPress UberSlider plugin <= 2.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
5.4
CVE-2025-31915 - WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSβ¦
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.
4.3
CVE-2025-31921 - WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
7.1
CVE-2025-31922 - WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.