| CVE-2025-31449 | Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter the-visitor-counter allows Stored XSS.This issue affects The Visitor Counter: from n/a through <= 1.4.3. | high | 2026-04-23 |
| CVE-2025-31448 | Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler simple-trackback-disabler allows Cross Site Request Forgery.This issue affects Simple Trackback Disabler: from n/a through <= 1.4. | medium | 2026-04-23 |
| CVE-2025-31447 | Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools nertworks-all-in-one-social-share-tools allows Cross Site Request Forgery.This issue affects NertWorks All in One Social Share Tools: from n/a through <= 1.26. | medium | 2026-04-23 |
| CVE-2025-31446 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner wpcleaner allows Reflected XSS.This issue affects WP Cleaner: from n/a through <= 1.1.5. | high | 2026-04-23 |
| CVE-2025-31445 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through <= 1.1.3. | high | 2026-04-23 |
| CVE-2025-31444 | Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow showtime-slideshow allows Stored XSS.This issue affects ShowTime Slideshow: from n/a through <= 1.6. | high | 2026-04-23 |
| CVE-2025-31443 | Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS.This issue affects KK I Like It: from n/a through <= 1.7.5.3. | high | 2026-04-23 |
| CVE-2025-31442 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e1tekoap42 Search engine keywords highlighter keywords-highlight-tool allows Reflected XSS.This issue affects Search engine keywords highlighter: from n/a through <= 0.1.3. | high | 2026-04-23 |
| CVE-2025-31441 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria wp-galleria allows Reflected XSS.This issue affects WordPress Galleria: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2025-31440 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS.This issue affects Terms of Use: from n/a through <= 2.0. | high | 2026-04-23 |
| CVE-2025-31439 | Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess browser-caching-with-htaccess allows Cross Site Request Forgery.This issue affects Browser Caching with .htaccess: from n/a through 1.2.1. | medium | 2026-04-23 |
| CVE-2025-31438 | Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery.This issue affects WP Supersized: from n/a through <= 3.1.6. | medium | 2026-04-23 |
| CVE-2025-31437 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Miller WP-OGP wp-ogp allows Stored XSS.This issue affects WP-OGP: from n/a through <= 1.0.5. | medium | 2026-04-23 |
| CVE-2025-31436 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a through <= 0.1.1. | high | 2026-04-23 |
| CVE-2025-31435 | Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS.This issue affects Microblog Poster: from n/a through <= 2.1.6. | high | 2026-04-23 |
| CVE-2025-31434 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.19. | medium | 2026-04-23 |
| CVE-2025-31433 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds wp-embed-facebook allows Stored XSS.This issue affects Magic Embeds: from n/a through <= 3.1.2. | medium | 2026-04-23 |
| CVE-2025-31432 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop pop-up allows PHP Local File Inclusion.This issue affects Pop-Up Chop Chop: from n/a through <= 2.1.7. | high | 2026-04-23 |
| CVE-2025-31431 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2025-31430 | Deserialization of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue affects The Business: from n/a through <= 1.6.1. | critical | 2026-04-23 |
| CVE-2025-31429 | Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme press-grid allows Object Injection.This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through <= 1.3.1. | critical | 2026-04-23 |
| CVE-2025-31428 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= 2.8. | high | 2026-04-23 |
| CVE-2025-31427 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme invico allows Reflected XSS.This issue affects Invico - WordPress Consulting Business Theme: from n/a through <= 1.9. | high | 2026-04-23 |
| CVE-2025-31426 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows Reflected XSS.This issue affects Sticky Radio Player: from n/a through <= 3.4. | high | 2026-04-23 |
| CVE-2025-31425 | Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6. | high | 2026-04-23 |
| CVE-2025-31424 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through < 2.6. | critical | 2026-04-23 |
| CVE-2025-31423 | Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8. | critical | 2026-04-23 |
| CVE-2025-31422 | Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4. | high | 2026-04-23 |
| CVE-2025-31419 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeix Churel churel allows DOM-Based XSS.This issue affects Churel: from n/a through <= 1.0.8. | medium | 2026-04-23 |
| CVE-2025-31418 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel gravel allows Reflected XSS.This issue affects Gravel: from n/a through <= 1.6. | high | 2026-04-23 |
| CVE-2025-31417 | Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7. | medium | 2026-04-23 |
| CVE-2025-31416 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.8.4. | high | 2026-04-23 |
| CVE-2025-31415 | Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2. | high | 2026-04-23 |
| CVE-2025-31414 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65. | medium | 2026-04-23 |
| CVE-2025-31413 | Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | high | 2026-04-23 |
| CVE-2025-31412 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows DOM-Based XSS.This issue affects JetProductGallery: from n/a through <= 2.1.22. | medium | 2026-04-23 |
| CVE-2025-31411 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12. | medium | 2026-04-23 |
| CVE-2025-31410 | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation wp-church-donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through <= 1.7. | medium | 2026-04-23 |
| CVE-2025-31409 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core bridge-core allows Stored XSS.This issue affects Bridge Core: from n/a through < 3.3.1. | medium | 2026-04-23 |
| CVE-2025-31408 | Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3. | medium | 2026-04-23 |
| CVE-2025-31407 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger tiger allows Stored XSS.This issue affects Tiger: from n/a through <= 2.0. | medium | 2026-04-23 |
| CVE-2025-31406 | Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through <= 2.3.9. | medium | 2026-04-23 |
| CVE-2025-31405 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare fami-woocommerce-compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through <= 1.0.5. | high | 2026-04-23 |
| CVE-2025-31404 | Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2025-31403 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | critical | 2026-04-23 |
| CVE-2025-31402 | Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS.This issue affects NewsBoard Post and RSS Scroller: from n/a through <= 1.2.12. | high | 2026-04-23 |
| CVE-2025-31401 | Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0. | high | 2026-04-23 |
| CVE-2025-31400 | Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS.This issue affects WS Audio Player: from n/a through <= 1.1.8. | high | 2026-04-23 |
| CVE-2025-31399 | Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS.This issue affects CG Scroll To Top: from n/a through <= 3.5. | high | 2026-04-23 |
| CVE-2025-31398 | Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose pimp allows Object Injection.This issue affects PIMP - Creative MultiPurpose: from n/a through <= 1.7. | critical | 2026-04-23 |
