5.3
CVE-2025-31533 - WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms gf-salesmate-add-on allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through <= 2.0.3.
6.5
CVE-2025-31532 - WordPress AtomChat plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team AtomChat AtomChat atomchat allows Stored XSS. This issue affects AtomChat: from n/a through <= 1.1.8.
4.3
CVE-2025-31530 - WordPress Google SEO Pressor Snippet plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0.
4.3
CVE-2025-31529 - WordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rashid Slider Path for Elementor slider-path allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through <= 3.0.0.
4.3
CVE-2025-31528 - WordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in wokamoto StaticPress staticpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaticPress: from n/a through <= 0.4.5.
6.4
CVE-2025-31527 - WordPress WP Link Preview plugin <= 1.4.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview wp-link-preview allows Server Side Request Forgery. This issue affects WP Link Preview: from n/a through <= 1.4.1.
8.5
CVE-2025-31526 - WordPress Behance Portfolio Manager plugin <= 1.7.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection. This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
6.9
CVE-2025-2995 - Tenda FH1202 Web Management Interface SysToolChangePwd access control
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. …
6.9
CVE-2025-2994 - Tenda FH1202 Web Management Interface qossetting access control
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The …
6.9
CVE-2025-2993 - Tenda FH1202 default.cfg access control
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit …