CVE-2025-47691 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3. | medium |
CVE-2025-47688 | Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1. | critical |
CVE-2025-47686 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.5.9. | medium |
CVE-2025-47685 | Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02. | high |
CVE-2025-47684 | Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP allows Cross Site Request Forgery. This issue affects Smaily for WP: from n/a through 3.1.6. | medium |
CVE-2025-47683 | Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7. | high |
CVE-2025-47681 | Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access allows Cross Site Request Forgery. This issue affects Web Accessibility with Max Access: from n/a through 2.0.9. | medium |
CVE-2025-47679 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40. | medium |
CVE-2025-47677 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25. | medium |
CVE-2025-47676 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History allows Stored XSS. This issue affects User Login History: from n/a through 2.1.6. | medium |
CVE-2025-47675 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows DOM-Based XSS. This issue affects Woobox: from n/a through 1.6. | medium |
CVE-2025-47674 | Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0. | medium |
CVE-2025-47669 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.12. | medium |
CVE-2025-47668 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode allows Stored XSS. This issue affects CookieCode: from n/a through 2.4.4. | medium |
CVE-2025-47667 | Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent allows Cross Site Request Forgery. This issue affects LiveAgent: from n/a through 4.4.7. | medium |
CVE-2025-47665 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 | Splash Screen allows Stored XSS. This issue affects N360 | Splash Screen: from n/a through 1.0.6. | medium |
CVE-2025-47664 | Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | medium |
CVE-2025-47662 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows Stored XSS. This issue affects Woobox: from n/a through 1.6. | medium |
CVE-2025-47661 | Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 allows Cross Site Request Forgery. This issue affects 워드프레스 결제 심플페이: from n/a through 5.2.11. | medium |
CVE-2025-47659 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.1. | medium |
CVE-2025-47657 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce allows SQL Injection. This issue affects Productive Commerce: from n/a through 1.1.22. | critical |
CVE-2025-47656 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spiraclethemes Spiraclethemes Site Library allows Stored XSS. This issue affects Spiraclethemes Site Library: from n/a through 1.4.0. | medium |
CVE-2025-47655 | Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer allows Stored XSS. This issue affects theMarketer: from n/a through 1.4.7. | high |
CVE-2025-47653 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14. | high |
CVE-2025-47649 | Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | high |
CVE-2025-47648 | Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway allows Stored XSS. This issue affects Pays – WooCommerce Payment Gateway: from n/a through 2.6. | high |
CVE-2025-47647 | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18. | medium |
CVE-2025-47644 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form allows Phishing. This issue affects Integrations of Zoho CRM with Elementor form: from n/a through 1.0.7. | medium |
CVE-2025-47643 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Product Feed for WooCommerce: from n/a through 3.1.2. | high |
CVE-2025-47639 | Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25. | high |
CVE-2025-47638 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarvesh M Rao WP Discord Invite allows Stored XSS. This issue affects WP Discord Invite: from n/a through 2.5.3. | medium |
CVE-2025-47636 | Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3. | high |
CVE-2025-47635 | Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27. | critical |
CVE-2025-47633 | Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce allows Cross Site Request Forgery. This issue affects Awin – Advertiser Tracking for WooCommerce: from n/a through 2.0.0. | high |
CVE-2025-47632 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0. | medium |
CVE-2025-47630 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1. | medium |
CVE-2025-47629 | Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1. | high |
CVE-2025-47628 | Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0. | high |
CVE-2025-47626 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through 2.0. | medium |
CVE-2025-47625 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. This issue affects DoFollow Case by Case: from n/a through 3.5.1. | medium |
CVE-2025-47624 | Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through 3.5.1. | high |
CVE-2025-47623 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0. | medium |
CVE-2025-47622 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Email Notification on Login allows Stored XSS. This issue affects Email Notification on Login: from n/a through 1.6.1. | medium |
CVE-2025-47621 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes allows Stored XSS. This issue affects Meks Flexible Shortcodes: from n/a through 1.3.6. | medium |
CVE-2025-47620 | Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network allows Reflected XSS. This issue affects Martins Free Monetized Ad Exchange Network: from n/a through 1.0.5. | high |
CVE-2025-47617 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3. | medium |
CVE-2025-47616 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Imran aBlocks allows Stored XSS. This issue affects aBlocks: from n/a through 1.9.2. | medium |
CVE-2025-47615 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flowdee Amazon Product in a Post allows Stored XSS. This issue affects Amazon Product in a Post: from n/a through 5.2.2. | medium |
CVE-2025-47614 | Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1. | medium |
CVE-2025-47612 | Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6. | high |