CVE-2025-49337 WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0...

CVE-2025-23608

CVE-2025-23608 corresponds to a Reflected XSS in WordPress LIVE TV plugin (LIVE TV

WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...

CVE-2025-66159 WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through = 1.1.6...

CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetipi Valenti Engine valenti-engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through = 1.0.3...

CVE-2025-63021 WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3...

WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Valenti Engine versions = 1.0.3...

CVE-2025-63038

Technical details for CVE-2025-63038 are not provided in the supplied documents; no affected versions, impact, or remediation are disclosed here. Monitor for updates from NVD/patch sources.

CVE-2025-49339

Technical details for CVE-2025-49339 are not provided in the Initial or Connected documents; no product/version/impact info available here. Monitor for updates.

CVE-2025-49340

CVE-2025-49340 concerns Exposure of Embedded Sensitive Data in Direct Payments WP (Direct Payments WP) with affected range from n/a through

CVE-2025-49340 WordPress Direct Payments WP plugin <= 1.3.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0...

CVE-2025-62123

Technical details for CVE-2025-62123 are not available in the provided documents. The initial description mentions a CSRF issue in WP Gmail SMTP WP-Gmail-SMTP across versions, but no vendor/product/version/remediation details are confirmed here.

WordPress Appointify plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by 0xVenus in WordPress Plugin Appointify versions = 1.0.8...

CVE-2025-49334 WordPress MyD Delivery plugin <= 1.7.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through = 1.7.1...

CVE-2025-59136

CVE-2025-59136 affects Efí Bank – Gerencianet Oficial (WordPress/WooCommerce plugin). Issue: Insertion of Sensitive Information Into Sent Data, causing exposure of embedded sensitive data. Root cause: mis-handling of data during transmission from Efí Bank to Gerencianet Oficial. Affected versions...

CVE-2025-62139

CVE-2025-62139 affects the Terms descriptions plugin (versions

WordPress QuadLayers TikTok Feed plugin <= 4.6.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin QuadLayers TikTok Feed versions = 4.6.5...

CVE-2025-62117

Technical details for CVE-2025-62117 are not provided in the supplied documents. No confirmed affected products, impact, or fixes are disclosed here. Monitor official advisories for updates.

CVE-2025-62134

Technical details for CVE-2025-62134 are not publicly provided in the supplied documents. Monitor for updates.

CVE-2025-62134 WordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through = 1.5.1...