7.2
CVE-2024-12278 - Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible f…
4.1
CVE-2025-2048 - Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server.
4.1
CVE-2025-1986 - Gutentor < 3.4.7 - Admin+ SQL Injection
The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
6.5
CVE-2025-31409 - WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.
8.5
CVE-2025-31024 - WordPress RJ Quickcharts plugin <= 0.6.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows SQL Injection. This issue affects RJ Quickcharts: from n/a through <= 0.6.1.
0.0
CVE-2025-31001 - WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through <= 2.4.0.
9.3
CVE-2025-30971 - WordPress XV Random Quotes plugin <= 2.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through <= 2.0.0.
8.8
CVE-2025-22277 - WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.4.
7.6
CVE-2025-31415 - WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through <= 1.5.2.
9.8
CVE-2025-31095 - WordPress Material Dashboard plugin <= 1.4.5 - Privilege Escalation Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through <= 1.4.5.