CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...

CVE-2025-62005

CVE-2025-62005 is a CSRF vulnerability in WordPress plugin SUMO Memberships for WooCommerce (FantasticPlugins) affecting all versions before 7.8.0. Exploitation could enable a CSRF attack against authenticated users, with the NVD/Wordfence data listing a CVSS v3.1 base score of 7.1 (High) and an ...

CVE-2025-60232 WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...

CVE-2025-60224

CVE-2025-60224 affects the WordPress Subscribe to Download plugin (versions

CVE-2025-60224 WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through = 2.0.9...

CVE-2025-60209

The CVE-2025-60209 issue is a Deserialization of Untrusted Data vulnerability in the WordPress plugin “Connector for Gravity Forms and Google Sheets” (wp-gravity-forms-spreadsheets), affecting versions up to 1.2.6. All connected sources describe it as PHP Object Injection resulting from untrusted...

CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...

CVE-2025-60134 WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through = 2.1.0...

CVE-2025-60135 WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through = 13.0.0...

CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

CVE-2025-59575

CVE-2025-59575 affects the MasterStudy LMS WordPress plugin (

CVE-2025-59006 WordPress Easy Woocommerce Customizer plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through = 1.0.2...

CVE-2025-58959 WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through = 6.4...

CVE-2025-53422 WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through = 1.2.1...

CVE-2025-53420

CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...

CVE-2025-53351 WordPress Fidelo Snippet plugin <= 1.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fidelo Software GmbH Fidelo Snippet thebing-snippet allows Reflected XSS.This issue affects Fidelo Snippet: from n/a through = 1.12...

CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...

CVE-2025-53234

CVE-2025-53234 is a reflected Cross‑Site Scripting (XSS) vulnerability in AndonDesign UDesign Core for WordPress, affecting Core/UDesign Core versions up to and including 4.14.0. The root cause is improper neutralization of user input during web page generation, allowing injected scripts via vuln...

CVE-2025-52770

CVE-2025-52770 concerns the WordPress Hello Followers plugin (versions up to and including 2.5). The vulnerability is a reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected component: Hellofollowers plugin; root cause: improper handling...

CVE-2025-52743

CVE-2025-52743 describes a Reflected XSS in the WordPress plugin oik-privacy-policy (bobbingwide) with vulnerable versions up to 1.4.9 per the CVE/NVD/Red Hat entries. Public sources also indicate a remediation path: update to a version greater than 1.4.9 (PatchStack references 1.4.10 and beyond)...