| CVE-2025-31407 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger tiger allows Stored XSS. This issue affects Tiger: from n/a through <= 2.0. | medium | 2026-04-23 |
| CVE-2025-31406 | Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ELEX WooCommerce Request a Quote: from n/a through <= 2.3.9. | medium | 2026-04-23 |
| CVE-2025-31405 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare fami-woocommerce-compare allows PHP Local File Inclusion. This issue affects Fami WooCommerce Compare: from n/a through <= 1.0.5. | high | 2026-04-23 |
| CVE-2025-31404 | Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2025-31403 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL Injection. This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | critical | 2026-04-23 |
| CVE-2025-31402 | Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller newsboard allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through <= 1.2.12. | high | 2026-04-23 |
| CVE-2025-31401 | Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0. | high | 2026-04-23 |
| CVE-2025-31400 | Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS. This issue affects WS Audio Player: from n/a through <= 1.1.8. | high | 2026-04-23 |
| CVE-2025-31399 | Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top cg-scroll-to-top allows Stored XSS. This issue affects CG Scroll To Top: from n/a through <= 3.5. | high | 2026-04-23 |
| CVE-2025-31398 | Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose pimp allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through <= 1.7. | critical | 2026-04-23 |
| CVE-2025-31397 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a through <= 1.7. | critical | 2026-04-23 |
| CVE-2025-31396 | Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme flap allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through <= 1.5. | critical | 2026-04-23 |
| CVE-2025-31395 | Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS. This issue affects Easy Custom CSS: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2025-31394 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS. This issue affects More Mime Type Filters: from n/a through <= 0.3. | high | 2026-04-23 |
| CVE-2025-31393 | Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED social-bookmarking-reloaded allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through <= 3.18. | high | 2026-04-23 |
| CVE-2025-31392 | Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider smart-product-gallery-slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through <= 1.0.4. | high | 2026-04-23 |
| CVE-2025-31391 | Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor script-compressor allows Stored XSS. This issue affects Script Compressor: from n/a through <= 1.7.1. | high | 2026-04-23 |
| CVE-2025-31390 | Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS. This issue affects Social Crowd: from n/a through <= 0.9.6.1. | high | 2026-04-23 |
| CVE-2025-31389 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Introvoke Inc. dba Sequel.io Sequel sequel allows Reflected XSS. This issue affects Sequel: from n/a through <= 1.0.11. | high | 2026-04-23 |
| CVE-2025-31388 | Cross-Site Request Forgery (CSRF) vulnerability in doa The World the-world allows Stored XSS. This issue affects The World: from n/a through <= 0.4. | high | 2026-04-23 |
| CVE-2025-31387 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through <= 0.1.0.82. | high | 2026-04-23 |
| CVE-2025-31386 | Missing Authorization vulnerability in simplepress Simple:Press simplepress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple:Press: from n/a through <= 6.11.5. | medium | 2026-04-23 |
| CVE-2025-31385 | Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3. | high | 2026-04-23 |
| CVE-2025-31384 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos videos allows Reflected XSS. This issue affects Videos: from n/a through <= 1.0.5. | high | 2026-04-23 |
| CVE-2025-31383 | Cross-Site Request Forgery (CSRF) vulnerability in sodena FrescoChat Live Chat flexytalk-widget allows Stored XSS. This issue affects FrescoChat Live Chat: from n/a through <= 3.2.6. | high | 2026-04-23 |
| CVE-2025-31382 | Cross-Site Request Forgery (CSRF) vulnerability in theode Language Field language-field allows Stored XSS. This issue affects Language Field: from n/a through <= 0.9. | high | 2026-04-23 |
| CVE-2025-31381 | Missing Authorization vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | medium | 2026-04-23 |
| CVE-2025-31380 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation. This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.11. | critical | 2026-04-23 |
| CVE-2025-31379 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS. This issue affects Insert HTML Here: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2025-31378 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS. This issue affects Oppso Unit Converter: from n/a through <= 1.1.1. | high | 2026-04-23 |
| CVE-2025-31377 | Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0. | high | 2026-04-23 |
| CVE-2025-31376 | Missing Authorization vulnerability in Mayeenul Islam NanoSupport nanosupport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoSupport: from n/a through <= 0.6.0. | medium | 2026-04-23 |
| CVE-2025-31375 | Cross-Site Request Forgery (CSRF) vulnerability in bhoogterp Scheduled scheduled allows Stored XSS. This issue affects Scheduled: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2025-31102 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS. This issue affects Hostel: from n/a through <= 1.1.5.5. | high | 2026-04-23 |
| CVE-2025-31101 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 wp-plugin-contact-form-7 allows Stored XSS. This issue affects VaultRE Contact Form 7: from n/a through <= 1.0. | medium | 2026-04-23 |
| CVE-2025-31100 | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows Upload a Web Shell to a Web Server. This issue affects School Management: from n/a through <= 1.93.1 (02-07-2025). | critical | 2026-04-23 |
| CVE-2025-31099 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0. | high | 2026-04-23 |
| CVE-2025-31098 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows PHP Local File Inclusion. This issue affects DeBounce Email Validator: from n/a through <= 5.7. | high | 2026-04-23 |
| CVE-2025-31097 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through <= 1.4.5. | high | 2026-04-23 |
| CVE-2025-31096 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS. This issue affects PostX: from n/a through <= 4.1.25. | medium | 2026-04-23 |
| CVE-2025-31095 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass. This issue affects Material Dashboard: from n/a through <= 1.4.5. | critical | 2026-04-23 |
| CVE-2025-31094 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through <= 1.3.8. | medium | 2026-04-23 |
| CVE-2025-31093 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS. This issue affects RPS Include Content: from n/a through <= 1.2.1. | medium | 2026-04-23 |
| CVE-2025-31092 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat – WP Support All-in-One Floating Widget support-chat allows Stored XSS. This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through <= 2.3.4. | medium | 2026-04-23 |
| CVE-2025-31091 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer cm-header-footer-script-loader allows Stored XSS. This issue affects CM Header and Footer: from n/a through <= 1.2.4. | medium | 2026-04-23 |
| CVE-2025-31090 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS. This issue affects Dropdown Multisite selector: from n/a through < 0.9.4. | medium | 2026-04-23 |
| CVE-2025-31089 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through <= 5.3.0. | high | 2026-04-23 |
| CVE-2025-31088 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3. | medium | 2026-04-23 |
| CVE-2025-31087 | Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through <= 1.5. | critical | 2026-04-23 |
| CVE-2025-31086 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS. This issue affects Product Table by WBW: from n/a through <= 2.1.4. | high | 2026-04-23 |