EUVD-2025-201954

Improper Control of Generation of Code 'Code Injection' vulnerability in StellarWP GiveWP give allows Code Injection.This issue affects GiveWP: from n/a through = 4.13.1...

EUVD-2025-202033

Cross-Site Request Forgery CSRF vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through = 3.5.1...

CVE-2025-67519

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.3...

CVE-2025-49351

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-66533

CVE-2025-66533 is an authentication‑free vulnerability in GiveWP (WordPress donation plugin) that enables arbitrary shortcode execution through GiveWP versions affected up to 4.13.1. The issue is confirmed in the Wordfence Intelligence vulnerability tracking and is categorized as Improper Control...

CVE-2025-63068

CVE-2025-63068 : Affected is the WordPress plugin Contact Form 7 Dynamic Text Extension . The issue is an improper neutralization of script-related HTML tags in the plugin, leading to a Basic XSS / Code Injection vulnerability. Affected versions are the plugin up to and including 5.0.3 (from the ...

CVE-2025-63059

CVE-2025-63059 describes a Stored XSS in the WordPress Ninja Popups plugin (arscode-ninja-popups) affecting versions up to and including 4.7.8. The vulnerability arises from improper neutralization of input during web page generation. Public documents consistently label the issue as a stored XSS;...

CVE-2025-63050 WordPress REHub Framework plugin < 19.9.9.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through 19.9.9.7...

CVE-2025-63036 WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through = 1.5.68...

CVE-2025-63030 WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through = 3.2.0...

CVE-2025-63023 WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through = 9.0.53...

CVE-2025-63015

CVE-2025-63015 describes a Missing Authorization/Broken Access Control vulnerability in the Paysera Payment Gateway for WooCommerce. Public details identify the affected plugin as WooCommerce Paysera Paysera (WordPress plugin) and indicate vulnerable versions up to 3.9.0, with the issue stemming ...

CVE-2025-63012

CVE-2025-63012 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Hotel Booking (wp-hotel-booking). Affected versions are WP Hotel Booking

CVE-2025-63010

CVE-2025-63010 is a SSRF vulnerability reported in multiple sources affecting ThemesInflow Hercules Core (hercules-core) and the WordPress Hercules Core plugin, with versions up to and including 7.4 affected. The root cause is a server-side request forgery vulnerability that could be exploited to...

CVE-2025-62997

The connected sources confirm a vulnerability in the WordPress WP EasyCart plugin, affecting versions up to 5.8.11. The issue is described as an Information Disclosure flaw caused by insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data from WP EasyCart ...

CVE-2025-62872 WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in JK Social Photo Fetcher facebook-photo-fetcher allows Cross Site Request Forgery.This issue affects Social Photo Fetcher: from n/a through = 3.0.4...

CVE-2025-62865

CVE-2025-62865 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Post Cloner plugin, affecting Post Cloner versions ≤ 1.0.0. The root cause is incorrectly configured access control security levels, enabling potential unauthorized access to Post Cloner functi...

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...

CVE-2025-62735 WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through = 1.1...

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through = 4.80...