0.0
CVE-2025-24628 - WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing.This issue affects Google Captcha: from n/a through <= 1.78.
7.1
CVE-2025-24626 - WordPress Music Store β WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through <= 1.1.19.
0.0
CVE-2025-24606 - WordPress Client Invoicing by Sprout Invoices β Easy Estimates and Invoices for WordPress plugin <=β¦
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.
4.3
CVE-2025-24603 - WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerβ¦
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Print Barcode Labels for your WooCommerce products/orders a4-barcode-generator.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through <= 3.4.10.
5.3
CVE-2025-24600 - WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through <= 11.4.5.
7.1
CVE-2025-24593 - WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.
5.3
CVE-2025-24590 - WordPress picu β Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in picu picu picu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects picu: from n/a through <= 2.4.0.
4.3
CVE-2025-24540 - WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.18.9.
5.4
CVE-2025-24538 - WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10.
5.4
CVE-2025-24537 - WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.