1726 matches found
CVE-2025-60178 WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection. This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6...
CVE-2025-60182 WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Schiocco Support Board supportboard allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.7...
CVE-2025-6324
CVE-2025-6324 concerns a DOM-based XSS in the WordPress plugin “Easy Invoice” (MatrixAddons Easy Invoice), affecting versions from unknown start through 2.0.9. The vulnerability is described as improper neutralization of input during web page generation, enabling cross-site scripting. Multiple co...
CVE-2025-60090 WordPress WP Gravity Forms Insightly plugin <= 1.1.6 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection. This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6...
CVE-2025-60078 WordPress Task Manager plugin <= 3.0.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia – Montpellier Task Manager task-manager allows PHP Local File Inclusion. This issue affects Task Manager: from n/a through <= 3.0.2...
WordPress plugin Post Grid and Gutenberg Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin WP Gravity Forms HubSpot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-67912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS. This issue affects Stars Testimonials: from n/a through <= 3.3.4...
CVE-2025-68088 WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Huger for Elementor: from n/a through <= 1.1.5...
CVE-2025-68071 WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through <= 5.3.2...
CVE-2025-68070
CVE-2025-68070 affects VK Google Job Posting Manager plugin for WordPress (
CVE-2025-68056
CVE-2025-68056 affects the WordPress plugin LBG Zoominoutslider (LambertGroup)
CVE-2025-68053
CVE-2025-68053 concerns the WordPress plugin xPromoter (LambertGroup)
CVE-2025-67962
The CVE-2025-67962 entry concerns the WordPress plugin Broken Link Checker (AIOSEO) up to version 1.2.6, with an SQL Injection characterized as Improper Neutralization of Special Elements in SQL Commands. Public sources (Wordfence and CVE feeds) confirm the affected software and that the issue pe...
CVE-2025-66162 WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spoter for Elementor: from n/a through <= 1.04...
CVE-2025-66129 WordPress Pochipp plugin <= 1.18.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through <= 1.18.0...
CVE-2025-66121 WordPress SiteGround Security plugin <= 1.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteGround Security: from n/a through <= 1.5.8...
CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...
CVE-2025-64246 WordPress Accessibility by AudioEye plugin <= 1.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49...
CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...