7.5
CVE-2025-30782 - WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite subscribe-to-download-lite allows PHP Local File Inclusion.This issue affects Subscribe to Download Lite: from n/a through <= 1.2.9.
8.2
CVE-2025-30774 - WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows SQL Injection.This issue affects Quiz Maker: from n/a through <= 6.6.8.7.
0.0
CVE-2025-30622 - WordPress PostMash plugin <= 1.0.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash postmash-custom allows SQL Injection.This issue affects PostMash: from n/a through <= 1.0.3.
7.1
CVE-2025-30614 - WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix google-font-fix allows Reflected XSS.This issue affects Google Font Fix: from n/a through <= 2.3.1.
6.5
CVE-2025-30613 - WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N-Media Nmedia MailChimp nmedia-mailchimp-widget allows Stored XSS.This issue affects Nmedia MailChimp: from n/a through <= 5.4.
7.1
CVE-2025-30607 - WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS.This issue affects Quick Localization: from n/a through <= 0.1.0.
6.5
CVE-2025-30594 - WordPress Include URL plugin <= 0.3.5 Arbitrary File Download Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through <= 0.3.5.
8.5
CVE-2025-30589 - WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection.This issue affects Flickr set slideshows: from n/a through <= 0.9.
7.1
CVE-2025-30579 - WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vuโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakeii Pesapal Gateway for Woocommerce pesapal-for-woocommerce allows Reflected XSS.This issue affects Pesapal Gateway for Woocommerce: from n/a through <= 2.1.0.
7.1
CVE-2025-30563 - WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Tidekey tidekey allows Reflected XSS.This issue affects Tidekey: from n/a through <= 1.1.