7.2
CVE-2025-27301 - WordPress NHR Options Table Manager Plugin <= 1.1.2 - Deserialization of untrusted data vulnerabiliβ¦
Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager nhrrob-options-table-manager allows Object Injection.This issue affects NHR Options Table Manager: from n/a through <= 1.1.2.
7.2
CVE-2025-27300 - WordPress ADFO plugin <= 1.9.1 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in giuliopanda ADFO admin-form allows Object Injection.This issue affects ADFO: from n/a through <= 1.9.1.
8.3
CVE-2025-27298 - WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts wp-video-posts allows OS Command Injection.This issue affects WP Video Posts: from n/a through <= 3.5.1.
7.6
CVE-2025-27297 - WordPress Bravo Search & Replace Plugin <= 1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection.This issue affects Bravo Search & Replace: from n/a through <= 1.0.
7.2
CVE-2025-27296 - WordPress Auto Ad Inserter β Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settingβ¦
Missing Authorization vulnerability in revenueflex Auto Ad Inserter β Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Ad Inserter β Increase Google Adsense and Ad Manager Revenue: froβ¦
4.8
CVE-2025-27294 - WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through <= 2.85.0.
4.3
CVE-2025-27290 - WordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilβ¦
Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery.This issue affects Erima Zarinpal Donate: from n/a through <= 1.0.
6.5
CVE-2025-27280 - WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through <= 1.0.2.
7.1
CVE-2025-27277 - WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery add-linked-images-to-gallery-v01 allows Cross Site Request Forgery.This issue affects Add Linked Images To Gallery: from n/a through <= 1.4.
8.8
CVE-2025-27276 - WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) photo-gallery-pearlbells allows Privilege Escalation.This issue affects Photo Gallery ( Responsive ): from n/a through <= 4.0.