Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)


📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.


Last week, 392 vulnerabilities disclosed in 345 WordPress plugins and 15 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 68 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to implement layered security, in line with our overarching mission to secure WordPress through defense-in-depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 24,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities as they are added in real time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, and important WordPress security reports, in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine its impact and severity and assesses the likelihood of exploitation, in order to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • User Registration & Membership <= 4.1.1 – Unauthenticated Privilege Escalation
  • User Registration & Membership <= 4.1.2 – Authentication Bypass
  • WAF-RULE-817 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status    Number of Vulnerabilities
Patched         213
Unpatched       179

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating      Number of Vulnerabilities
Low Severity         1
Medium Severity      327
High Severity        48
Critical Severity    16

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE                                                                                 Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)                      161
Cross-Site Request Forgery (CSRF)                                                                         90
Missing Authorization                                                                                     46
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)                      31
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)   17
Deserialization of Untrusted Data                                                                         10
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)                            8
Exposure of Sensitive Information to an Unauthorized Actor                                                5
Server-Side Request Forgery (SSRF)                                                                        5
URL Redirection to Untrusted Site (‘Open Redirect’)                                                       5
Improper Control of Generation of Code (‘Code Injection’)                                                 4
Improper Input Validation                                                                                 2
Improper Privilege Management                                                                             2
Unrestricted Upload of File with Dangerous Type                                                           2
Authorization Bypass Through User-Controlled Key                                                          1
External Control of File Name or Path                                                                     1
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)                1
Relative Path Traversal                                                                                   1

Researchers That Contributed to WordPress Security Last Week

Researcher Name                      Number of Vulnerabilities
Nabil Irawan                         55
yudha                                30
LVT-tholv2k                          23
Trương Hữu Phúc (truonghuuphuc)      22
Skalucy                              21
Peter Thaleikis                      20
Nguyen Xuan Chien                    19
Nguyen Xuan Chien                    19
johska                               15
stealthcopter                        13
0xd4rk5id3                           12
Abdi Pranata                         11
timomangcut                          9
Le Ngoc Anh                          8
astra.r3verii                        8
mikemyers                            7
theviper17y                          7
Rafie Muhammad                       5
Avraham Shemesh                      5
Phan Trong Quan                      5
João Pedro Soares de Alcântara       5
Psai                                 4
Phat RiO – BlueRock                  4
HayMiz                               4
zaim                                 4
kuteminh11                           4
Prissy                               3
Webula                               2
Truoc Phan                           2
kr0d                                 2
Arkadiusz Hydzik                     2
Ananda Dhakal                        2
wesley (wcraft)                      2
David Ojeda Guijarro                 2
domiee13                             2
Krzysztof Zając                      2
SOPROBRO                             2
Nguyễn Trung Kiên                    2
Falgun Patel                         1
sterva                               1
Marek Mikita                         1
zer0gh0st                            1
m3ssap0                              1
István Márton                        1
Gab                                  1
omstaendlig                          1
Francesco Carlucci                   1
Luciano Hanna                        1
zhuxuan wu                           1
shaman0x01                           1
Abdi                                 1
Webbernaut                           1
Muhamad Visat                        1
Khang Duong                          1
Revan Arifio                         1
Françoa Taffarel                     1
Michael                              1
Dimas Maulana                        1
Kévin Mosbahi (Mika)                 1
Lucio Sá                             1
Dhabaleshwar Das                     1
Nguyen Vuong Quoc                    1
Pham Van Tam                         1
Nguyen Khanh Hao                     1
SavPhill (Savphill)                  1
Ayato Shitomi                        1
lucky_buddy                          1
Hoang Phuc Vo (HrxKnight)            1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
3DPrint Lite 3dprint-lite
About Author about-author
Accounting for WooCommerce accounting-for-woocommerce
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
Administrator Z administrator-z
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded
AdSense Privacy Policy adsense-privacy-policy
Advanced Dewplayer advanced-dewplayer
Advanced Google reCAPTCHA advanced-google-recaptcha
Advanced iFrame advanced-iframe
Advanced Post Search advanced-post-search
Advanced Woo Search advanced-woo-search
AEC Kiosque aec-kiosque
AI Preloader ai-preloader
Alert Box Block – Display notice/alerts in the front end. alert-box-block
AliExpress Dropshipping Plugin for WooCommerce – AliNext ali2woo-lite
AlphaOmega Captcha & Anti-Spam Filter alphaomega-captcha-anti-spam
Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) amazing-service-box-visual-composer-addons
ANAC XML Render anac-xml-render
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) wp-analytify
Anthologize anthologize
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps appexperts
Appointment Booking and Scheduling Calendar Plugin – WP Timetics timetics
ARPrice – WordPress Pricing Table Plugin arprice
Arrow Maps – Custom Maps for WordPress ap-google-maps
Audio Album audio-album
AvaiBook vacation rental booking engine avaibook
Awesome Logos awesome-logos
Ayyash Studio — The kick-start kit ayyash-studio
banner-manager banner-manager
Beautiful Link Preview beautiful-link-preview
Better Section Navigation better-section-navigation
Better WishList API better-wlm-api
BizCalendar Web bizcalendar-web
Blue Captcha blue-captcha
BMo Expo – a WordPress and NextGEN Gallery plugin bmo-expo
Booking for Appointments and Events Calendar – Amelia ameliabooking
Breezing Forms breezing-forms
Browser Address Bar Color browser-address-bar-color
Browser Caching with .htaccess browser-caching-with-htaccess
BWL Advanced FAQ Manager bwl-advanced-faq-manager
Cackle cackle
CallPhone’r callphoner
Cart tracking for WooCommerce cart-tracking-for-woocommerce
CAS Maestro cas-maestro
Cazamba cazamba
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More charitable
Chartify – WordPress Chart Plugin chart-builder
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button – Bit Assist bit-assist
Chatbox Manager wa-chatbox-manager
Checkout Mestres do WP for WooCommerce checkout-mestres-wp
Christmas Panda christmas-panda
Clear Sucuri Cache clear-sucuri-cache
Clearout Email Validator – Real-Time Email Verification on WordPress Forms clearout-email-validator
Click to Chat – WP Support All-in-One Floating Widget support-chat
Clink – WordPress Link Manager clink
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack. recaptcha-for-all
CM Download Manager – Simplify file sharing with powerful download management cm-download-manager
Comment Approved Notifier Extended comment-approved-notifier-extended
Contact Form 7 Material Design cf7-material-design
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Contact Form, Drag and Drop Form Builder Plugin – Live Forms liveforms
Conversios: Google Analytics GA4, Google Ads, GTM & Multiple Pixel Tracking enhanced-e-commerce-for-woocommerce-store
Cool Author Box – For Widget and Post Content hm-cool-author-box-widget
CopyLink copy-link
Cozy Blocks – Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks cozy-addons
CRM and Lead Management by vcita crm-customer-relationship-management-by-vcita
cTabs ctabs
Currency Switcher for WooCommerce currency-switcher-for-woocommerce
Custom Field For WP Job Manager custom-field-for-wp-job-manager
Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce
Custom Login Logo ideal-wp-login-logo-changer
Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce
Custom Script Integration custom-script-integration
DAP to Autoresponders Email Syncing dap-to-autoresponders-daar
DesignThemes Core Features designthemes-core-features
DICOM Support dicom-support
Digital License Manager digital-license-manager
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings directorist
Doneren met Mollie doneren-met-mollie
Dr. Flex dr-flex
Drag and Drop Multiple File Upload for Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
Driving Directions ddirections
Dropdown multisite selector dropdown-multisite-selector
Duplicate Page and Post duplicate-post-and-page
Easy 301 Redirects odihost-easy-redirect-301
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
Easy Page Transition easy-page-transition
ElementsKit Elementor Addons and Templates elementskit-lite
EO4WP: EmailOctopus for WordPress fw-integration-for-emailoctopus
Essential Real Estate essential-real-estate
Estatebud – Properties & Listings estatebud-properties-listings
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin mage-eventpress
Event post event-post
Event Tickets and Registration event-tickets
Exchange Rates exchange-rates
External image replace external-image-replace
EZ SQL Reports Shortcode Widget and DB Backup elisqlreports
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations
Fiverr.com Official Search Box fiverr-official-search-box
Fix Rss Feeds fix-rss-feed
Flatty – Flat Admin Theme flatty-flat-admin-theme
Flexible Cookies flexible-cookies
Flickr set slideshows flickr-set-slideshows
Flipdish Ordering System flipdish-ordering-system
Float menu – awesome floating side menu float-menu
FormLift for Infusionsoft Web Forms formlift
Frndzk Expandable Bottom Bar frndzk-expandable-bottom-bar
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce wp-marketing-automations
Gallery for Social Photo feed-instagram-lite
Generate Post Thumbnails generate-post-thumbnails
Gift Message for WooCommerce gift-message-for-woocommerce
Google Font Fix google-font-fix
GP Back To Top gp-back-to-top
Greek Multi Tool – Ultimate Greek Language Toolkit for WordPress greek-multi-tool
Greenshift – animation and page builder blocks greenshift-animation-and-page-builder-blocks
Gum Elementor Addon gum-elementor-addon
Hacklog Remote Image Autosave hacklog-remote-image-autosave
Happy Addons for Elementor happy-elementor-addons
Hesabfa Accounting hesabfa-accounting
Hostel hostel
IG Shortcodes ig-shortcodes
Image Captcha image-captcha
Image Wall image-wall
Import Export Suite for CSV and XML Datafeed wp-ultimate-csv-importer
Include URL include-url
include-file include-file
Info Boxes Shortcode and Widget info-boxes-shortcode-and-widget
Inline Image Upload for BBPress image-upload-for-bbpress
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets
IP Locator ip-locator
issuupress issuupress
jAlbum Bridge jalbum-bridge
Job Colors for WP Job Manager wp-job-manager-colors
Job Postings job-postings
jQuery Dropdown Menu jquery-drop-down-menu-plugin
JS Help Desk – The Ultimate Help Desk & Support Plugin js-support-ticket
Just Writing Statistics just-writing-statistics
Kento WordPress Stats kento-wp-stats
Key4ce osTicket Bridge key4ce-osticket-bridge
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor king-addons
KK I Like It kk-i-like-it
Kubio AI Page Builder kubio
LatePoint – Calendar Booking Plugin for Appointments and Events latepoint
Lead Form Data Collection to CRM wp-leads-builder-any-crm
LeadConnector leadconnector
Leaky Paywall leaky-paywall
LearnPress – WordPress LMS Plugin learnpress
LH OGP Meta lh-ogp-meta-tags
Lightview Plus lightview-plus
Listamester listamester
Login Alert login-alert
Login Redirect login-redirect
Login Widget for Ultimate Member login-widget-for-ultimate-member
LWS SMS lws-sms
Magic Embeds wp-embed-facebook
Map Contact map-contact
Material Dashboard material-dashboard
MDJM Event Management mobile-dj-manager
MediaView mediaview
Menu Duplicator copy-menu
Message ticker message-ticker
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor metform
Microblog Poster – Auto Publish on Social Media microblog-poster
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet paid-membership
Mobile Navigation mobile-navigation
Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce
Music Press Pro music-press-pro
My Bootstrap Menu my-bootstrap-menu
My Default Post Content my-default-post-content
N-Media MailChimp Subscription nmedia-mailchimp-widget
Navigation Tree Elementor navigation-tree-elementor
NertWorks All in One Social Share Tools nertworks-all-in-one-social-share-tools
Newsletters newsletters-lite
NextGEN Gallery Voting nextgen-gallery-voting
Novelist novelist
Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars
OK Poster Group ok-poster-group
Omnify – The Best Scheduling Widgets for WordPress omnify-widget
OmniLeads Scripts and Tags Manager omnileads-scripts-and-tags-manager
One to one user Chat by WPGuppy wpguppy-lite
OSS Upload oss-upload
Our Team Members – Team Members WordPress Plugin our-team-members
Page Takeover page-takeover
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
PDF for WPForms + Drag and Drop Template Builder pdf-for-wpforms
Pesapal Gateway for Woocommerce pesapal-for-woocommerce
Plugin Name: GMO Font Agent gmo-font-agent
Pop-Up Chop Chop pop-up
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX ultimate-post
PostMash Custom – custom post order postmash-custom
Pretty file links pretty-file-links
Primer MyData for Woocommerce primer-mydata
Pro Rank Tracker proranktracker
Product Author for WooCommerce wc-product-author
Product Catalog – Catalog for WordPress displayproduct
Product Import Export for WooCommerce – Import Export Product CSV Suite product-import-export-for-woo
Quick Interest Slider quick-interest-slider
Quick Localization (Quick Localisation) quick-localization
Quiz Cat – WordPress Quiz Plugin quiz-cat
Quotes llama quotes-llama
Related Posts via Categories related-posts-via-categories
Replace Default Words replace-default-words
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates responsive-addons-for-elementor
Restaurant Menu and Food Ordering mp-restaurant-menu
Rewrite rewrite
RomethemeKit For Elementor rometheme-for-elementor
RPS Include Content rps-include-content
Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce
SearchIQ – The Search Solution searchiq
Secret Meta facebook-secret-meta
SecuPress Free — WordPress Security secupress
Sensei LMS – Online Courses, Quizzes, & Learning sensei-lms
SEO Plugin by Squirrly SEO squirrly-seo
Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator
SH Email Alert sh-email-alert
Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce
Shortcodes by United Themes ut-shortcodes
ShowTime Slideshow showtime-slideshow
Shuffle shuffle
Simple Giveaways – Grow your business, email lists and traffic with contests giveasap
Simple Optimizer simple-optimizer
Simple Rating simple-rating
Simple Trackback Disabler simple-trackback-disabler
Simplebooklet PDF Viewer and Embedder simplebooklet
SimplyRETS Real Estate IDX simply-rets
Sitekit sitekit
SKT Addons for Elementor skt-addons-for-elementor
SKU Generator for WooCommerce sku-for-woocommerce
Slider by BestWebSoft slider-bws
Smart Maintenance Mode smart-maintenance-mode
SNORDIAN’s H5PxAPIkatchu h5pxapikatchu
So-Called Air Quotes so-called-air-quotes
Social Reviews & Recommendations fb-reviews-widget
SoJ SoundSlides soj-soundslides
SoundCloud Ultimate Plugin soundcloud-ultimate
sourceplay-navermap sourceplay-navermap
SpeakPipe – Voicemail for Websites speakpipe-voicemail-for-websites
Specific Content For Mobile – Customize the mobile version without redirections specific-content-for-mobile
Spectra Gutenberg Blocks – Website Builder for the Block Editor ultimate-addons-for-gutenberg
STEdb Forms stedb-forms
Stock Sync for WooCommerce with Google Sheets | WooCommerce Bulk Edit, Stock Management, Inventory Management System & more – FlexStock stock-sync-with-google-sheet-for-woocommerce
Store Locator Widget store-locator-widget
Structured Content (JSON-LD) #wpsc structured-content
Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin subscribe-to-download-lite
Sunshine Photo Cart: Free Client Photo Galleries for Photographers sunshine-photo-cart
Super Simple Subscriptions super-simple-subscriptions
Super Static Cache super-static-cache
Support Genix – Helpdesk & Customer Support Ticket System support-genix-lite
SyntaxHighlighter Evolved syntaxhighlighter
TablePress – Tables in WordPress made easy tablepress
tagDiv Composer td-composer
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab ecab-taxi-booking-manager
teachPress teachpress
Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode wp-team-manager
Teleport teleport
Terms & Conditions Per Product terms-and-conditions-per-product
Terms of Use terms-of-use-2
Text Selection Color text-selection-color
Textmetrics webtexttool
TGG – WP Optimizer tgg-wp-optimizer
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) the-pack-addon
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid the-post-grid
The Ultimate WordPress Toolkit – WP Extended wpextended
The Visitor Counter Plugin the-visitor-counter
Themify Event Post themify-event-post
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tidekey tidekey
Toggle Box toggle-box
Top Bar ultimate-bar
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid boldgrid-backup
Translate Multilingual sites – TranslatePress translatepress-multilingual
Translator translator
TWB Woocommerce Reviews twb-woocommerce-reviews
Typekit plugin for WordPress typekit
Ultimate Blocks – WordPress Blocks Plugin ultimate-blocks
Ultimate Dashboard – Custom WordPress Dashboard ultimate-dashboard
Ultimate Security Checker ultimate-security-checker
Upload Quota per User upload-quota-per-user
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
Usermaven usermaven
ValidateCertify Free validar-certificados-de-cursos
VaultRE Contact Form 7 wp-plugin-contact-form-7
Verge3D Publishing and E-Commerce verge3d
Video Embedder video-embedder
Vimeotheque: Vimeo WordPress Plugin codeflavors-vimeo-video-post-lite
Visual Text Editor visual-text-editor
wA11y – The Web Accessibility Toolbox wa11y
wBounce wbounce
Weather Layer weather-layer
Web Directory Free web-directory-free
Webhook Automator & Contact Form Integration to Automate 280+ Platforms – Bit Integrations bit-integrations
WIP WooCarousel Lite wip-woocarousel-lite
WishSuite – Wishlist for WooCommerce wishsuite
WooCommerce Fattureincloud woo-fattureincloud
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) smart-wishlist-for-more-convert
WordPres 同步微博 wp2wb
WordPress Admin Bar Improved wordpress-admin-bar-improved
WordPress Importer wordpress-importer
WordPress Infinite Scroll by Auto Load Next Post auto-load-next-post
wordpress publish post email notification publish-post-email-notification
WordPress SQL Backup wordpress-sql-backup
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly tour-booking-manager
WP Cards wp-cards
WP Cassify wp-cassify
WP Church Donation wp-church-donation
WP Colorful Tag Cloud wp-colorful-tag-cloud
WP Compress for MainWP wp-compress-mainwp
WP Compress – Instant Performance & Speed Optimization wp-compress-image-optimizer
WP Database Optimizer wp-database-optimizer
WP e-Commerce Style Email wp-e-commerce-style-email
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting erp
WP Event Ticketing wpeventticketing
WP Fast Total Search – The Power of Indexed Search fulltext-search
WP Featured Entries wp-featured-entries
WP Google Review Slider wp-google-places-review-slider
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO wp-google-street-view
WP Hotjar wp-hotjar
WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps wp-multi-store-locator
WP Odoo Form Integrator wp-odoo-form-integrator
WP Parallax Content Slider wp-parallax-content-slider
WP Posts Carousel wp-posts-carousel
WP Profitshare wp-profitshare
WP Ride Booking – Best Taxi Booking Solution for WordPress wp-ride-booking
WP Social Widget wp-social-widget
WP Subscription Forms – Subscription Form Plugin for WordPress wp-subscription-forms
WP Supersized wp-supersized
WP Travel Engine – Tour Booking Plugin – Tour Operator Software wp-travel-engine
WP Ultimate Search wp-ultimate-search
WP-OGP wp-ogp
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden wp2leads
WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce wp-cafe
wpShopGermany IT-RECHT KANZLEI wpshopgermany-it-recht-kanzlei
xili-dictionary xili-dictionary
Your Simple SVG Support your-simple-svg-support
YouTube SimpleGallery youtube-simplegallery
Yummly Rich Recipes yummly-rich-recipes
Z Companion z-companion
Zapier for WordPress zapier
ZhuiGe Official Website Mini Program jiangqie-official-website-mini-program
Zoho Billing – Embed Payment Form zoho-subscriptions
افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) persian-woocommerce-shipping
دکمه، شبکه اجتماعی خرید dokme
=== Export All Posts, Products, Orders, Refunds & Users wp-ultimate-exporter

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
AuraMart auramart
Big Store big-store
Build build
Churel churel
City Store city-store
Hester hester
MorningTime Lite morningtime-lite
newseqo newseqo
RainbowNews rainbownews
rapyd-payments rapyd-payments
StoreBiz storebiz
Travel Booking WordPress Theme traveler
Unlimited unlimited
Whitish Lite whitish-lite
wp-weixin wp-weixin

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Accounting for WooCommerce <= 1.6.8 – Unauthenticated Local File Inclusion

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30835
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Accounting for WooCommerce
Researcher: Dimas Maulana

Checkout Mestres do WP for WooCommerce 8.6.5 – 8.7.5 – Unauthenticated Arbitrary Options Update

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-2266
Patch Status: Unpatched
Published: Mar 28, 2025
Affected Software: Checkout Mestres do WP for WooCommerce
Researcher: kr0d

Essential Real Estate <= 5.2.0 – Unauthenticated Local File Inclusion

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30849
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Essential Real Estate
Researcher: LVT-tholv2k

Export All Posts, Products, Orders, Refunds & Users <= 2.13 – Unauthenticated PHP Object Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-2332
Patch Status: Patched
Published: Mar 26, 2025
Affected Software: === Export All Posts, Products, Orders, Refunds & Users
Researcher: Webbernaut

JS Help Desk <= 2.9.2 – Unauthenticated Local File Inclusion

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30901
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: JS Help Desk – The Ultimate Help Desk & Support Plugin
Researcher: Trương Hữu Phúc (truonghuuphuc)

Kubio AI Page Builder <= 2.5.1 – Unauthenticated Local File Inclusion

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-2294
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Kubio AI Page Builder
Researcher: mikemyers

Material Dashboard <= 1.4.5 – Unauthenticated Privilege Escalation

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-31095
Patch Status: Patched
Published: Mar 28, 2025
Affected Software: Material Dashboard
Researcher: LVT-tholv2k

Multiple Shipping And Billing Address For Woocommerce <= 1.5 – Unauthenticated PHP Object Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-31087
Patch Status: Patched
Published: Mar 28, 2025
Affected Software: Multiple Shipping And Billing Address For Woocommerce
Researcher: Le Ngoc Anh

postMash Custom – custom post order <= 1.0.3 – Unauthenticated SQL Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30622
Patch Status: Unpatched
Published: Mar 26, 2025
Affected Software: PostMash Custom – custom post order
Researcher: timomangcut

Rapyd Payment Extension for WooCommerce <= 1.1.9 – Unauthenticated PHP Object Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30618
Patch Status: Unpatched
Published: Mar 27, 2025
Affected Software: rapyd-payments
Researcher: astra.r3verii

Sunshine Photo Cart <= 3.4.10 – Unauthenticated PHP Object Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-31084
Patch Status: Patched
Published: Mar 28, 2025
Affected Software: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Researcher: João Pedro Soares de Alcântara

Traveler <= 3.1.8 – Unauthenticated PHP Object Injection

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-26873
Patch Status: Unpatched
Published: Mar 27, 2025
Affected Software: Travel Booking WordPress Theme
Researcher: Rafie Muhammad

User Registration & Membership <= 4.1.1 – Unauthenticated Privilege Escalation

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-2563
Patch Status: Patched
Published: Mar 24, 2025
Affected Software: User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher: wesley (wcraft)

WP Travel Engine <= 6.3.5 – Unauthenticated Local File Inclusion

CVSS Rating: Critical (9.8)
CVE-ID: CVE-2025-30870
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: WP Travel Engine – Tour Booking Plugin – Tour Operator Software
Researcher: LVT-tholv2k

CM Download Manager <= 2.9.6 – Unauthenticated Arbitrary File Deletion

CVSS Rating: Critical (9.1)
CVE-ID: CVE-2025-30910
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: CM Download Manager – Simplify file sharing with powerful download management
Researcher: Trương Hữu Phúc (truonghuuphuc)

JS Help Desk <= 2.9.2 – Unauthenticated Arbitrary File Deletion

CVSS Rating: Critical (9.1)
CVE-ID: CVE-2025-30878
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: JS Help Desk – The Ultimate Help Desk & Support Plugin
Researcher: LVT-tholv2k

Administrator Z <= 2025.03.24 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-2815
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Administrator Z
Researcher: kr0d

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 – Unauthenticated Arbitrary File Deletion

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-2328
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Drag and Drop Multiple File Upload for Contact Form 7
Researcher: Phat RiO – BlueRock

EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 – 5.25.08 – Cross-Site Request Forgery to Remote Code Execution

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-2319
Patch Status: Patched
Published: Mar 24, 2025
Affected Software: EZ SQL Reports Shortcode Widget and DB Backup
Researcher: lucky_buddy

Inline Image Upload for BBPress <= 1.1.19 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-2006
Patch Status: Patched
Published: Mar 28, 2025
Affected Software: Inline Image Upload for BBPress
Researcher: yudha

Login Widget for Ultimate Member <= 1.1.2 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-30890
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Login Widget for Ultimate Member
Researcher: yudha

MDJM Event Management <= 1.7.5.2 – Authenticated (Subscriber+) PHP Object Injection

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-31074
Patch Status: Patched
Published: Mar 28, 2025
Affected Software: MDJM Event Management
Researcher: LVT-tholv2k

Pop-Up Chop Chop <= 2.1.7 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-31432
Patch Status: Unpatched
Published: Mar 28, 2025
Affected Software: Pop-Up Chop Chop
Researcher: Nguyen Xuan Chien

Restaurant Menu by MotoPress <= 2.4.4 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-30846
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: Restaurant Menu and Food Ordering
Researcher: yudha

RomethemeKit For Elementor <= 1.5.4 – Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-30911
Patch Status: Patched
Published: Mar 27, 2025
Affected Software: RomethemeKit For Elementor
Researcher: Rafie Muhammad

SoJ Soundslides <= 1.2.2 – Authenticated (Contributor+) Arbitrary File Upload

CVSS Rating: High (8.8)
CVE-ID: CVE-2025-2249
Patch Status: Unpatched
Published: Mar 28, 2025
Affected Software: SoJ SoundSlides
Researcher: Hoang Phuc Vo (HrxKnight)

Subscribe to Download Lite <= 1.2.9 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30785
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin
Researcher

LVT-tholv2k

Team Manager <= 2.1.23 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30868
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode
Researcher

LVT-tholv2k

The Pack Elementor addons <= 2.1.1 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30845
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Researcher

LVT-tholv2k

The Post Grid <= 7.7.17 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30814
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Researcher

LVT-tholv2k

Themify Event Post <= 1.3.2 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30831
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Themify Event Post
Researcher

LVT-tholv2k

Visual Text Editor <= 1.2.1 – Authenticated (Contributor+) Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-28893
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Visual Text Editor
Researcher

theviper17y

WishSuite <= 1.4.4 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30820
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WishSuite – Wishlist for WooCommerce
Researcher

LVT-tholv2k

WP Compress <= 6.30.15 – Authenticated (Subscriber+) Missing Authorization via Multiple Functions

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2110
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
WP Compress – Instant Performance & Speed Optimization
Researcher

mikemyers

WP e-Commerce Style Email <= 0.6.2 – Cross-Site Request Forgery to Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30615
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP e-Commerce Style Email
Researcher

0xd4rk5id3

WP Travel Engine <= 6.3.5 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30871
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
Researcher

LVT-tholv2k

WPC Smart Upsell Funnel for WooCommerce <= 3.0.4 – Authenticated (Subscriber+) Arbitrary Options Update

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30772
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WPC Smart Upsell Funnel for WooCommerce
Researcher

LVT-tholv2k

WPCafe <= 2.2.31 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30829
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Researcher

LVT-tholv2k

WpEvently <= 4.2.9 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30895
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Researcher

LVT-tholv2k

WpTravelly <= 1.8.7 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30891
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Researcher

LVT-tholv2k

Product Catalog – Catalog for WordPress <= 1.0.4 – Unauthenticated SQL Injection

CVSS Rating
High (8.6)
CVE-ID
CVE-2025-30524
Patch Status
Unpatched
Published
Mar 25, 2025

Affected Software
Product Catalog – Catalog for WordPress
Researcher

Phan Trong Quan

BWL Advanced FAQ Manager <= 2.1.4 – Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-13801
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
BWL Advanced FAQ Manager
Researcher

Lucio Sá

Import Export Suite for CSV and XML Datafeed <= 7.19 – Authenticated (Subscriber+) Arbitrary File Deletion

CVSS Rating
High (8.1)
CVE-ID
CVE-2025-2007
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Import Export Suite for CSV and XML Datafeed
Researcher

mikemyers

Product Import Export for WooCommerce <= 2.5.0 – Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function

CVSS Rating
High (7.6)
CVE-ID
CVE-2025-1912
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite
Researcher

HayMiz

Ads by WPQuads <= 2.0.87.1 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-30876
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads
Researcher

astra.r3verii

Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 – Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-2485
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Drag and Drop Multiple File Upload for Contact Form 7
Researcher

Phat RiO – BlueRock

JS Help Desk <= 2.9.1 – Unauthenticated Arbitrary File Download

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-30882
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin
Researcher

LVT-tholv2k

JS Help Desk <= 2.9.2 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-30886
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin
Researcher

LVT-tholv2k

Traveler <= 3.1.8 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-26898
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme
Researcher

Rafie Muhammad

Web Directory Free <= 1.7.6 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-28904
Patch Status
Patched
Published
Mar 24, 2025

Affected Software
Web Directory Free
Researcher

Trương Hữu Phúc (truonghuuphuc)

WP Multistore Locator <= 2.5.2 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-28898
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps
Researcher

Trương Hữu Phúc (truonghuuphuc)

Active Products Tables for WooCommerce <= 1.0.6.7 – Unauthenticated Arbitrary Filter Call

CVSS Rating
High (7.3)
CVE-ID
CVE-2025-1514
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables 
Researcher

Arkadiusz Hydzik

So-Called Air Quotes <= 0.1 – Unauthenticated Arbitrary Shortcode Execution

CVSS Rating
High (7.3)
CVE-ID
CVE-2025-2803
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
So-Called Air Quotes
Researcher

Avraham Shemesh

AliNext <= 3.5.1 – Open Redirect

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30859
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
AliExpress Dropshipping Plugin for WooCommerce – AliNext
Researcher

Le Ngoc Anh

Automation By Autonami <= 3.5.1 – Open Redirect

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30795
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
Researcher

Le Ngoc Anh

Bit Form – Contact Form Plugin <= 2.18.0 – Open Redirect

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30885
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Researcher

Le Ngoc Anh

Bit Integrations <= 2.4.10 – Open Redirect

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30884
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Webhook Automator & Contact Form Integration to Automate 280+ Platforms – Bit Integrations
Researcher

Le Ngoc Anh

Newsletters <= 4.9.9.7 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-2009
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Newsletters
Researcher

m3ssap0

Product Import Export for WooCommerce <= 2.5.0 – Authenticated (Admin+) PHP Object Injection via form_data Parameter

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-1913
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite
Researcher

HayMiz

Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 – Open Redirect

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30781
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Scheduled & Automatic Order Status Controller for WooCommerce
Researcher

Le Ngoc Anh

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.10 – Authenticated (Admin+) Command Injection

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-2257
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Researcher

sterva

TranslatePress <= 2.9.6 – Authenticated (Administrator+) PHP Object Injection

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30773
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Translate Multilingual sites – TranslatePress
Researcher

Ananda Dhakal

WordPress Importer <= 0.8.3 – Authenticated (Administrator+) PHP Object Injection

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-13889
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
WordPress Importer
Researcher

Francesco Carlucci

WP Church Donation <= 1.7 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-13690
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Church Donation
Researcher

johska

Custom Field For WP Job Manager <= 1.4 – Cross-Site Request Forgery

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30856
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Custom Field For WP Job Manager
Researcher

Skalucy

Duplicate Page and Post <= 1.0 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31466
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Duplicate Page and Post
Researcher

domiee13

Flickr set slideshows <= 0.9 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30590
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Flickr set slideshows
Researcher

timomangcut

Flickr set slideshows <= 0.9 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30589
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
Flickr set slideshows
Researcher

timomangcut

Jobs for WordPress <= 2.7.11 – Authenticated (Subscriber+) Arbitrary File Read

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-1310
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Job Postings
Researcher

Arkadiusz Hydzik

Lead Form Data Collection to CRM <= 3.0.1 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30810
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Lead Form Data Collection to CRM
Researcher

Trương Hữu Phúc (truonghuuphuc)

Navigation Tree Elementor <= 1.0.1 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30562
Patch Status
Unpatched
Published
Mar 25, 2025

Affected Software
Navigation Tree Elementor
Researcher

timomangcut

SEO Plugin by Squirrly SEO <= 12.4.03 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-22783
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
SEO Plugin by Squirrly SEO
Researcher

Webula

Shortcodes by United Themes <= 5.1.6 – Unauthenticated Arbitrary Shortcode Execution

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13557
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Shortcodes by United Themes
Researcher

mikemyers

Shuffle <= 0.5 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-28873
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Shuffle
Researcher

Trương Hữu Phúc (truonghuuphuc)

Simple Giveaways <= 2.48.1 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30819
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Simple Giveaways – Grow your business, email lists and traffic with contests
Researcher

Trương Hữu Phúc (truonghuuphuc)

Vimeotheque <= 2.3.4.2 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30806
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Vimeotheque: Vimeo WordPress Plugin
Researcher

Phat RiO – BlueRock

WP Featured Entries <= 1.0 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30569
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Featured Entries
Researcher

timomangcut

WP Subscription Forms <= 1.2.3 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30784
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Subscription Forms – Subscription Form Plugin for WordPress
Researcher

LVT-tholv2k

WPGuppy <= 1.1.3 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30775
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
One to one user Chat by WPGuppy
Researcher

Trương Hữu Phúc (truonghuuphuc)

Advanced iFrame <= 2024.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1437
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Advanced iFrame
Researcher

Luciano Hanna

Advanced iFrame <= 2024.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1439
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Advanced iFrame
Researcher

omstaendlig

Advanced Woo Search <= 3.28 – Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2302
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Advanced Woo Search
Researcher

yudha

Alert Box Block – Display notice/alerts in the front end <= 1.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13731
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Alert Box Block – Display notice/alerts in the front end.
Researchers

Nguyen Vuong Quoc
Pham Van Tam
Nguyen Khanh Hao

Amazing service box Addons For WPBakery Page Builder <= 2.0.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2573
Patch Status
Unpatched
Published
Mar 25, 2025

Affected Software
Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer)
Researcher

Avraham Shemesh

ARPrice <= 4.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26731
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
ARPrice – WordPress Pricing Table Plugin
Researcher

Nguyễn Trung Kiên

Audio Album <= 1.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30780
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Audio Album
Researcher

yudha

AuraMart <= 2.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26922
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
AuraMart
Researcher

stealthcopter

Ayyash Studio <= 1.0.3 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2576
Patch Status
Unpatched
Published
Mar 25, 2025

Affected Software
Ayyash Studio — The kick-start kit
Researcher

Avraham Shemesh

Better Section Navigation Widget <= 1.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31465
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Better Section Navigation
Researcher

yudha

Build <= 1.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26869
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Build
Researcher

stealthcopter

Charitable <= 1.8.4.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30770
Patch Status
Patched
Published
Mar 26, 2025

Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Researcher

yudha

Churel <= 1.0.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31419
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Churel
Researcher

stealthcopter

City Store <= 1.4.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26737
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
City Store
Researcher

stealthcopter

Click to Chat – WP Support All-in-One Floating Widget <= 2.3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31092
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
Click to Chat – WP Support All-in-One Floating Widget
Researcher

Gab

Clink <= 1.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30566
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Clink – WordPress Link Manager
Researcher

yudha

Cozy Blocks <= 2.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30838
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Cozy Blocks – Page Builder for Gutenberg & Site Editor with Post Blocks, WooCommerce Blocks, Magazine Blocks & WordPress Gutenberg Blocks
Researcher

Prissy

CRM and Lead Management by vcita <= 2.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13702
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
CRM and Lead Management by vcita
Researcher

yudha

DesignThemes Core Features <= 4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-0845
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
DesignThemes Core Features
Researcher

István Márton

DICOM Support <= 0.10.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12623
Patch Status
Patched
Published
Mar 24, 2025

Affected Software
DICOM Support
Researcher

Peter Thaleikis

Doneren met Mollie <= 2.10.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30779
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Doneren met Mollie
Researcher

yudha

Dr. Flex <= 2.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30850
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Dr. Flex
Researcher

stealthcopter

Dropdown Multisite selector < 0.9.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31090
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Dropdown multisite selector
Researcher

yudha

ElementsKit Elementor addons <= 3.4.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-11180
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
ElementsKit Elementor Addons and Templates
Researcher

zer0gh0st

EO4WP <= 1.0.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30763
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
EO4WP: EmailOctopus for WordPress
Researcher

Trương Hữu Phúc (truonghuuphuc)

Fiverr.com Official Search Box <= 1.0.8 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-28885
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Fiverr.com Official Search Box
Researcher

Abdi Pranata

FormLift for Infusionsoft Web Forms <= 7.5.19 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31434
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
FormLift for Infusionsoft Web Forms
Researcher

yudha

Gallery for Social Photo <= 1.0.0.35 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26742
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Gallery for Social Photo
Researcher

yudha

GMO Font Agent <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30553
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
GMO Font Agent
Researcher

theviper17y

Greenshift <= 11.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30873
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Greenshift – animation and page builder blocks
Researcher

Peter Thaleikis

Gum Elementor Addon <= 1.3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30800
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Gum Elementor Addon
Researcher

Prissy

Happy Addons for Elementor <= 3.16.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30766
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Happy Addons for Elementor
Researcher

stealthcopter

Hester <= 1.1.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26734
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Hester
Researcher

stealthcopter

IG Shortcodes <= 3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30597
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
IG Shortcodes
Researcher

timomangcut

Include URL <= 0.3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30593
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Include URL
Researcher

timomangcut

include-file <= 1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30595
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
include-file
Researcher

timomangcut

IP Locator <= 4.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30826
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
IP Locator
Researcher

Trương Hữu Phúc (truonghuuphuc)

jAlbum Bridge <= 2.0.17 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30818
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
jAlbum Bridge
Researcher

Trương Hữu Phúc (truonghuuphuc)

jAlbum Bridge <= 2.0.18 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30768
Patch Status
Patched
Published
Mar 26, 2025

Affected Software
jAlbum Bridge
Researcher

Trương Hữu Phúc (truonghuuphuc)

LatePoint <= 5.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30836
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
LatePoint – Calendar Booking Plugin for Appointments and Events
Researcher

Peter Thaleikis

LeadConnector <= 3.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30893
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
LeadConnector
Researcher

Peter Thaleikis

Leaky Paywall <= 4.21.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31083
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Leaky Paywall
Researcher

yudha

Listamester <= 2.3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30813
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Listamester
Researcher

theviper17y

Magic Embeds <= 3.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31433
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Magic Embeds
Researcher

yudha

MicroPayments <= 2.9.29 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31075
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet
Researcher

yudha

MorningTime Lite <= 1.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26736
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
MorningTime Lite
Researcher

stealthcopter

newseqo <= 2.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26739
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
newseqo
Researcher

Michael

Nmedia MailChimp <= 5.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30613
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
N-Media MailChimp Subscription
Researcher

Skalucy

Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30860
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Off-Canvas Sidebars & Menus (Slidebars)
Researcher

yudha

Paid Member Subscriptions <= 2.14.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31088
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher

yudha

persian-woocommerce-shipping <= 4.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30898
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WooCommerce Shipping Plugin (Express and Registered Post, Motorcycle Courier) [listed under its Persian title: افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری)]
Researcher

Peter Thaleikis

PostX <= 4.1.25 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31096
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
Researcher

Peter Thaleikis

Pretty file links <= 0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30551
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Pretty file links
Researcher

theviper17y

Quick Interest Slider <= 3.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26738
Patch Status
Unpatched
Published
Mar 25, 2025

Affected Software
Quick Interest Slider
Researcher

yudha

Quotes llama <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30786
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Quotes llama
Researcher

yudha

RainbowNews <= 1.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26747
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
RainbowNews
Researcher

stealthcopter

RPS Include Content <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31093
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
RPS Include Content
Researcher

yudha

SearchIQ <= 4.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30867
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
SearchIQ – The Search Solution
Researcher

yudha

SecuPress Free <= 2.2.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30907
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
SecuPress Free — WordPress Security
Researcher

zaim

Simplebooklet PDF Viewer and Embedder <= 1.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30922
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Simplebooklet PDF Viewer and Embedder
Researcher

zaim

Sitekit <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30776
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Sitekit
Researcher

yudha

SKT Addons for Elementor <= 3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30812
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
SKT Addons for Elementor
Researcher

Prissy

Spectra – WordPress Gutenberg Blocks <= 2.19.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1784
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Spectra Gutenberg Blocks – Website Builder for the Block Editor
Researcher

Peter Thaleikis

StoreBiz <= 1.0.32 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26732
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
StoreBiz
Researcher

stealthcopter

Structured Content <= 1.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30918
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Structured Content (JSON-LD) #wpsc
Researcher

Peter Thaleikis

SyntaxHighlighter Evolved <= 3.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30903
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
SyntaxHighlighter Evolved
Researcher

Peter Thaleikis

TablePress – Tables in WordPress made easy <= 3.0.4 – Authenticated (Author+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2685
Patch Status
Patched
Published
Mar 26, 2025

Affected Software
TablePress – Tables in WordPress made easy
Researcher

SavPhill (Savphill)

The Pack Elementor addons <= 2.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30925
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Researcher

João Pedro Soares de Alcântara

Themify Event Post <= 1.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30832
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Themify Event Post
Researcher

LVT-tholv2k

Toggle Box <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31450
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Toggle Box
Researcher

yudha

Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1312
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Researcher

zaim

Ultimate Blocks <= 3.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31077
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Researcher

zaim

Ultimate Blocks <= 3.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1703
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Researcher

Peter Thaleikis

Unlimited <= 1.45 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31073
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Unlimited
Researcher

stealthcopter

wBounce <= 1.8.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31451
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
wBounce
Researcher

yudha

Whitish Lite <= 2.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22278
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Whitish Lite
Researcher

stealthcopter

WP Cassify <= 2.3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30771
Patch Status
Patched
Published
Mar 26, 2025

Affected Software
WP Cassify
Researcher

yudha

WP Compress for MainWP <= 6.30.03 – Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31076
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
WP Compress for MainWP
Researcher

theviper17y

WP Posts Carousel <= 1.3.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30920
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Posts Carousel
Researcher

Peter Thaleikis

WP Posts Carousel <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31094
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
WP Posts Carousel
Researcher

astra.r3verii

WP Social Widget <= 2.2.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30610
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Social Widget
Researcher

yudha

WP Ultimate Search <= 2.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31452
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
WP Ultimate Search
Researcher

yudha

Your Simple SVG Support <= 1.0.1 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2542
Patch Status
Patched
Published
Mar 24, 2025

Affected Software
Your Simple SVG Support
Researcher

Avraham Shemesh

YouTube SimpleGallery <= 2.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31453
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
YouTube SimpleGallery
Researcher

yudha

Zapier for WordPress <= 1.5.1 – Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13411
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Zapier for WordPress
Researcher

shaman0x01

Zoho Billing – Embed Payment Form <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30900
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Zoho Billing – Embed Payment Form
Researcher

yudha

PDF for WPForms <= 5.3.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
CVSS Rating: Medium (6.3) · CVE-ID: CVE-2025-30767 · Patch Status: Patched · Published: Mar 26, 2025
Affected Software: PDF for WPForms + Drag and Drop Template Builder · Researcher: theviper17y

About Author <= 1.6.2 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30808 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: About Author · Researcher: 0xd4rk5id3

AdSense Privacy Policy <= 1.1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30578 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: AdSense Privacy Policy · Researcher: Skalucy

Advanced Post Search <= 1.1.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30548 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Advanced Post Search · Researcher: 0xd4rk5id3

AEC Kiosque <= 1.9.3 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30902 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: AEC Kiosque · Researcher: stealthcopter

AlphaOmega Captcha & Anti-Spam Filter <= 3.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30584 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: AlphaOmega Captcha & Anti-Spam Filter · Researcher: Nabil Irawan

ANAC XML Render <= 1.5.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30558 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: ANAC XML Render · Researcher: Abdi Pranata

Arrow Maps <= 1.0.9 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28858 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Arrow Maps – Custom Maps for WordPress · Researcher: Abdi Pranata

banner-manager <= 16.04.19 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30565 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: banner-manager · Researcher: Nguyen Xuan Chien

Better WishList API <= 1.1.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30798 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Better WishList API · Researcher: 0xd4rk5id3

Blue Captcha <= 1.7.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28880 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Blue Captcha · Researcher: Le Ngoc Anh

Breezing Forms <= 1.2.8.11 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30520 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Breezing Forms · Researcher: Nguyen Xuan Chien

Browser Address Bar Color <= 3.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30577 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Browser Address Bar Color · Researcher: Skalucy

CallPhone’r <= 1.1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30550 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: CallPhone’r · Researcher: Nabil Irawan

CAS Maestro <= 1.1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30561 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: CAS Maestro · Researcher: Nguyen Xuan Chien

Cazamba <= 1.2 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-25100 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Cazamba · Researcher: SOPROBRO

Contact Form 7 Material Design <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30522 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Contact Form 7 Material Design · Researcher: Skalucy

CopyLink <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30603 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: CopyLink · Researcher: Nabil Irawan

cTabs <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30586 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: cTabs · Researcher: Abdi Pranata

Custom Product Stickers for Woocommerce <= 1.9.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28889 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Custom Product Stickers for Woocommerce · Researcher: 0xd4rk5id3

Digital License Manager <= 1.7.3 – Reflected Cross-Site Scripting via remove_query_arg Function
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-2635 · Patch Status: Patched · Published: Mar 24, 2025
Affected Software: Digital License Manager · Researcher: Peter Thaleikis

Driving Directions <= 1.4.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28903 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Driving Directions · Researcher: johska

Event Tickets <= 5.20.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30794 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Event Tickets and Registration · Researcher: João Pedro Soares de Alcântara

EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30787 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: EZ SQL Reports Shortcode Widget and DB Backup · Researcher: Nabil Irawan

Google Font Fix <= 2.3.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30614 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Google Font Fix · Researcher: Skalucy

Hostel <= 1.1.5 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30848 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Hostel · Researcher: Trương Hữu Phúc (truonghuuphuc)

Hostel <= 1.1.5.5 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31102 · Patch Status: Patched · Published: Mar 28, 2025
Affected Software: Hostel · Researcher: johska

Image Wall <= 3.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30869 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Image Wall · Researcher: 0xd4rk5id3

jQuery Dropdown Menu <= 3.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30560 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: jQuery Dropdown Menu · Researcher: Nguyen Xuan Chien

Kento WordPress Stats <= 1.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30559 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: Kento WordPress Stats · Researcher: Abdi Pranata

Key4ce osTicket Bridge <= 1.4.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28877 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Key4ce osTicket Bridge · Researcher: johska

LH OGP Meta <= 1.73 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30587 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: LH OGP Meta · Researcher: Abdi Pranata

Lightview Plus <= 3.1.3 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28890 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Lightview Plus · Researcher: johska

Map Contact <= 3.0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30588 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Map Contact · Researcher: Abdi Pranata

MediaView <= 1.1.2 – Reflected Cross-Site Scripting via id Parameter
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-2481 · Patch Status: Unpatched · Published: Mar 26, 2025
Affected Software: MediaView · Researcher: johska

NextGEN Gallery Voting <= 2.7.6 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28869 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: NextGEN Gallery Voting · Researcher: johska

OK Poster Group <= 1.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30544 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: OK Poster Group · Researcher: 0xd4rk5id3

Omnify <= 2.0.3 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28882 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Omnify – The Best Scheduling Widgets for WordPress · Researcher: Abdi Pranata

OmniLeads Scripts and Tags Manager <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31460 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: OmniLeads Scripts and Tags Manager · Researcher: Skalucy

Pesapal Gateway for Woocommerce <= 2.1.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30579 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Pesapal Gateway for Woocommerce · Researcher: Nguyen Xuan Chien

Primer MyData for Woocommerce < 4.2.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30924 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Primer MyData for Woocommerce · Researcher: João Pedro Soares de Alcântara

Pro Rank Tracker <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30583 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Pro Rank Tracker · Researcher: Abdi Pranata

Quick Localization <= 0.1.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30607 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Quick Localization (Quick Localisation) · Researcher: Nguyen Xuan Chien

Related Posts via Categories <= 2.1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30602 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Related Posts via Categories · Researcher: Nabil Irawan

Replace Default Words <= 1.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30612 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Replace Default Words · Researcher: Skalucy

Secret Meta <= 1.2.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-25086 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Secret Meta · Researcher: SOPROBRO

SH Email Alert <= 1.0 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-2165 · Patch Status: Unpatched · Published: Mar 25, 2025
Affected Software: SH Email Alert · Researcher: johska

ShowTime Slideshow <= 1.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31444 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: ShowTime Slideshow · Researcher: Skalucy

Simple Rating <= 1.4 – Cross-Site Request Forgery
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30572 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Simple Rating · Researcher: Nabil Irawan

SKU Generator for WooCommerce <= 1.6.2 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30917 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: SKU Generator for WooCommerce · Researcher: Peter Thaleikis

Smart Maintenance Mode <= 1.5.2 – Reflected Cross-Site Scripting via setstatus Parameter
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-1490 · Patch Status: Unpatched · Published: Mar 25, 2025
Affected Software: Smart Maintenance Mode · Researcher: Krzysztof Zając

Store Locator Widget <= 2025r2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30919 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Store Locator Widget · Researcher: Abdi

tagDiv Composer <= 5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-1705 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: tagDiv Composer · Researcher: Truoc Phan

tagDiv Composer <= 5.3 – Reflected Cross-Site Scripting via ‘account_id’ and ‘account_username’
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-2804 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: tagDiv Composer · Researcher: Truoc Phan

Teleport <= 1.2.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28855 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Teleport · Researcher: Abdi Pranata

Terms of Use <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31440 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: Terms of Use · Researcher: Skalucy

The Ultimate WordPress Toolkit – WP Extended <= 3.0.14 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30796 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: The Ultimate WordPress Toolkit – WP Extended · Researcher: Le Ngoc Anh

The Visitor Counter <= 1.4.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31449 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: The Visitor Counter Plugin · Researcher: Nguyen Xuan Chien

Tidekey <= 1.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30563 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Tidekey · Researcher: Nguyen Xuan Chien

Translator <= 0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30621 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Translator · Researcher: Nguyen Xuan Chien

Video Embedder <= 1.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-31458 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: Video Embedder · Researcher: Nguyen Xuan Chien

WIP WooCarousel Lite <= 1.1.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30769 · Patch Status: Patched · Published: Mar 26, 2025
Affected Software: WIP WooCarousel Lite · Researcher: Nguyen Xuan Chien

WooCommerce Fattureincloud <= 2.6.7 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30837 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: WooCommerce Fattureincloud · Researcher: Nguyen Xuan Chien

WordPress SQL Backup <= 3.5.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30608 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: WordPress SQL Backup · Researcher: johska

WP Cards <= 1.5.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30547 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: WP Cards · Researcher: 0xd4rk5id3

WP Colorful Tag Cloud <= 2.0.1 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28865 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: WP Colorful Tag Cloud · Researcher: Nguyen Xuan Chien

WP Event Ticketing <= 1.3.4 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-28899 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: WP Event Ticketing · Researcher: johska

WP Odoo Form Integrator <= 1.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30620 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: WP Odoo Form Integrator · Researcher: Nguyen Xuan Chien

WP2LEADS <= 3.4.5 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30827 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden · Researcher: johska

xili-dictionary <= 2.12.5 – Reflected Cross-Site Scripting
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30840 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: xili-dictionary · Researcher: 0xd4rk5id3

Yummly Rich Recipes <= 4.2 – Cross-Site Request Forgery
CVSS Rating: Medium (6.1) · CVE-ID: CVE-2025-30549 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Yummly Rich Recipes · Researcher: Nabil Irawan

Bit Assist <= 1.5.4 – Unauthenticated Path Traversal
CVSS Rating: Medium (5.8) · CVE-ID: CVE-2025-30834 · Patch Status: Patched · Published: Mar 28, 2025
Affected Software: Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button – Bit Assist · Researcher: Falgun Patel

WP Compress <= 6.30.15 – Unauthenticated Server-Side Request Forgery via init Function
CVSS Rating: Medium (5.8) · CVE-ID: CVE-2025-2109 · Patch Status: Patched · Published: Mar 24, 2025
Affected Software: WP Compress – Instant Performance & Speed Optimization · Researcher: mikemyers

Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 – Authenticated (Contributor+) Sensitive Information Exposure
CVSS Rating: Medium (5.7) · CVE-ID: CVE-2025-2228 · Patch Status: Patched · Published: Mar 25, 2025
Affected Software: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates · Researcher: wesley (wcraft)

AI Preloader <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30530 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: AI Preloader · Researcher: Nabil Irawan

Frndzk Expandable Bottom Bar <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-2510 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Frndzk Expandable Bottom Bar · Researcher: johska

Login Redirect <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30575 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Login Redirect · Researcher: Nabil Irawan

Message ticker <= 9.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30533 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Message ticker · Researcher: Nabil Irawan

Metform <= 3.9.2 – Authenticated (Admin+) Server-Side Request Forgery
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30914 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor · Researcher: Marek Mikita

My Bootstrap Menu <= 1.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30527 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: My Bootstrap Menu · Researcher: Nabil Irawan

Page Takeover <= 1.1.6 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-31470 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: Page Takeover · Researcher: Nabil Irawan

VaultRE Contact Form 7 <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-31101 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: VaultRE Contact Form 7 · Researcher: Psai

Weather Layer <= 4.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30532 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Weather Layer · Researcher: Nabil Irawan

WP Parallax Content Slider <= 0.9.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-30599 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: WP Parallax Content Slider · Researcher: Nabil Irawan

WP-OGP <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.5) · CVE-ID: CVE-2025-31437 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: WP-OGP · Researcher: Nabil Irawan

Event post <= 5.9.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Rating: Medium (5.4) · CVE-ID: CVE-2025-2167 · Patch Status: Patched · Published: Mar 25, 2025
Affected Software: Event post · Researcher: Peter Thaleikis

Support Genix <= 1.4.11 – Authenticated (Subscriber+) Insecure Direct Object Reference
CVSS Rating: Medium (5.4) · CVE-ID: CVE-2025-30777 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Support Genix – Helpdesk & Customer Support Ticket System · Researcher: astra.r3verii

Ads by WPQuads <= 2.0.87.1 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30855 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads · Researcher: astra.r3verii

Advanced Dewplayer <= 1.6 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30592 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Advanced Dewplayer · Researcher: 0xd4rk5id3

Advanced Google reCAPTCHA <= 1.29 – Authenticated (Subscriber+) Limited SQL Injection via ‘sSearch’ Parameter
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-2074 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Advanced Google reCAPTCHA · Researcher: Muhamad Visat

Advanced iFrame <= 2024.5 – Unauthenticated Settings Update
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-1440 · Patch Status: Patched · Published: Mar 25, 2025
Affected Software: Advanced iFrame · Researcher: Peter Thaleikis

AppExperts <= 1.4.3 – Unauthenticated Sensitive Information Exposure
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30609 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps · Researcher: Phan Trong Quan

Booking for Appointments and Events Calendar – Amelia <= 1.2.19 – Unauthenticated Full Path Disclosure
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-2578 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Booking for Appointments and Events Calendar – Amelia · Researcher: zhuxuan wu

Chatbox Manager <= 1.2.2 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30790 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Chatbox Manager · Researcher: Nabil Irawan

Clear Sucuri Cache <= 1.4 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-31469 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: Clear Sucuri Cache · Researcher: Nabil Irawan

Cool Author Box <= 2.9.9 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30830 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Cool Author Box – For Widget and Post Content · Researcher: Trương Hữu Phúc (truonghuuphuc)

DAP to Autoresponders Email Syncing <= 1.0 – Unauthenticated Information Exposure
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-2840 · Patch Status: Unpatched · Published: Mar 28, 2025
Affected Software: DAP to Autoresponders Email Syncing · Researcher: Avraham Shemesh

Directorist <= 8.2 – Missing Authorization to Unauthenticated Arbitrary Post Publishing
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-2224 · Patch Status: Patched · Published: Mar 24, 2025
Affected Software: Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings · Researcher: mikemyers

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 – Unauthenticated Private Post Title Disclosure
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-2252 · Patch Status: Patched · Published: Mar 24, 2025
Affected Software: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy · Researcher: Françoa Taffarel

Greek Multi Tool – Fix peralinks, accents, auto create menus and more <= 2.3.1 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30797 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Greek Multi Tool – Ultimate Greek Language Toolkit for WordPress · Researcher: Trương Hữu Phúc (truonghuuphuc)

JS Help Desk <= 2.9.2 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30880 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: JS Help Desk – The Ultimate Help Desk & Support Plugin · Researcher: LVT-tholv2k

LearnPress <= 4.2.7.5 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-22739 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: LearnPress – WordPress LMS Plugin · Researcher: David Ojeda Guijarro

Live Forms <= 4.8.4 – Missing Authorization to Authenticated (Subscriber+) Settings Update
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30809 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Contact Form, Drag and Drop Form Builder Plugin – Live Forms · Researcher: Trương Hữu Phúc (truonghuuphuc)

Music Press Pro <= 1.4.6 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30591 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Music Press Pro · Researcher: 0xd4rk5id3

Sensei LMS <= 4.24.4 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-22740 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Sensei LMS – Online Courses, Quizzes, & Learning · Researcher: David Ojeda Guijarro

SNORDIAN’s H5PxAPIkatchu <= 0.4.14 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30821 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: SNORDIAN’s H5PxAPIkatchu · Researcher: Trương Hữu Phúc (truonghuuphuc)

Taxi Booking Manager for WooCommerce <= 1.2.1 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30839 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab · Researcher: LVT-tholv2k

Terms & Conditions Per Product <= 1.2.15 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30866 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Terms & Conditions Per Product · Researcher: Skalucy

Timetics <= 1.0.29 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30828 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Appointment Booking and Scheduling Calendar Plugin – WP Timetics · Researcher: Phat RiO – BlueRock

Top Bar <= 3.3 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30581 · Patch Status: Unpatched · Published: Mar 24, 2025
Affected Software: Top Bar · Researcher: 0xd4rk5id3

Traveler <= 3.1.8 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-26733 · Patch Status: Unpatched · Published: Mar 27, 2025
Affected Software: Travel Booking WordPress Theme · Researcher: Rafie Muhammad

WpEvently <= 4.2.9 – Missing Authorization
CVSS Rating: Medium (5.3) · CVE-ID: CVE-2025-30887 · Patch Status: Patched · Published: Mar 27, 2025
Affected Software: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin · Researcher: LVT-tholv2k

bizcalendar-web <= 1.1.0.34 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30843
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
BizCalendar Web
Researcher

Phan Trong Quan

Cart tracking for WooCommerce <= 1.0.16 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30791
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Cart tracking for WooCommerce
Researcher

kuteminh11

FlexStock <= 3.13.1 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30765
Patch Status
Patched
Published
Mar 26, 2025

Affected Software
Stock Sync for WooCommerce with Google Sheets | WooCommerce Bulk Edit, Stock Management, Inventory Management System & more – FlexStock
Researcher

astra.r3verii

JiangQie Official Website Mini Program <= 1.8.2 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30604
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
ZhuiGe Official Website Mini Program
Researcher

kuteminh11

MC Woocommerce Wishlist <= 1.8.9 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30879
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Researcher

Phan Trong Quan

Newsletters <= 4.9.9.7 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30921
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Newsletters
Researcher

Webula

Product Import Export for WooCommerce <= 2.5.0 – Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-1769
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite
Researcher

HayMiz

Slider by BestWebSoft <= 1.1.0 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-31099
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Slider by BestWebSoft
Researcher

domiee13

STEdb Forms <= 1.0.4 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30571
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
STEdb Forms
Researcher

kuteminh11

Super Simple Subscriptions <= 1.1.0 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30523
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Super Simple Subscriptions
Researcher

Phan Trong Quan

WP Profitshare <= 1.4.9 – Authenticated (Editor+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30525
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Profitshare
Researcher

Nguyen Xuan Chien

دکمه، شبکه اجتماعی خرید <= 2.0.6 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-30570
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
دکمه، شبکه اجتماعی خرید
Researcher

kuteminh11

AvaiBook <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30540
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
AvaiBook vacation rental booking engine
Researcher

Nabil Irawan

Beautiful Link Preview <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30536
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Beautiful Link Preview
Researcher

Nabil Irawan

BMo Expo <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30539
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
BMo Expo – a WordPress and NextGEN Gallery plugin
Researcher

Nabil Irawan

Chartify <= 3.1.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30904
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Chartify – WordPress Chart Plugin
Researcher

astra.r3verii

Clearout Email Validator <= 3.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30789
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Clearout Email Validator – Real-Time Email Verification on WordPress Forms
Researcher

Nabil Irawan

Comment Approved Notifier Extended <= 5.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30792
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Comment Approved Notifier Extended
Researcher

Nabil Irawan

Duplicate Page and Post <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31471
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Duplicate Page and Post
Researcher

Nabil Irawan

Easy Page Transition <= 1.0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30606
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Easy Page Transition
Researcher

Nabil Irawan

Flatty <= 2.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31472
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Flatty – Flat Admin Theme
Researcher

Nabil Irawan

issuuPress <= 1.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30545
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
issuupress
Researcher

Nabil Irawan

Job Colors for WP Job Manager <= 1.0.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31031
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
Job Colors for WP Job Manager
Researcher

Psai

Mobile Navigation <= 1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30574
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Mobile Navigation
Researcher

Nabil Irawan

My Default Post Content <= 0.7.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30573
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
My Default Post Content
Researcher

Nabil Irawan

Novelist <= 1.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30847
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Novelist
Researcher

timomangcut

Text Selection Color <= 1.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31464
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Text Selection Color
Researcher

Nabil Irawan

TGG WP Optimizer <= 1.22 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31463
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
TGG – WP Optimizer
Researcher

Nabil Irawan

Upload Quota per User <= 1.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30537
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Upload Quota per User
Researcher

Nabil Irawan

User Registration <= 4.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30899
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher

Ayato Shitomi

wA11y – The Web Accessibility Toolbox <= 1.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30623
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
wA11y – The Web Accessibility Toolbox
Researcher

Nabil Irawan

WP Database Optimizer <= 1.2.1.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31473
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
WP Database Optimizer
Researcher

Nabil Irawan

WP Google Street View <= 1.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30799
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO
Researcher

Nabil Irawan

WP Hotjar <= 0.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30600
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Hotjar
Researcher

Nabil Irawan

WP Weixin <= 1.3.16 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-30875
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
wp-weixin
Researcher

Nabil Irawan

3DPrint Lite <= 2.1.3.5 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30865
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
3DPrint Lite
Researcher

Skalucy

Analytify <= 5.5.1 – Missing Authorization to Authenticated (Subscriber+) Minor Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30897
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Researcher

Trương Hữu Phúc (truonghuuphuc)

Anthologize <= 0.8.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30823
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Anthologize
Researcher

Nguyen Xuan Chien

Auto Load Next Post <= 1.5.14 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30529
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WordPress Infinite Scroll by Auto Load Next Post
Researcher

Nabil Irawan

Awesome Logos <= 1.2 – Cross-Site Request Forgery to SQL Injection

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30528
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Awesome Logos
Researcher

Nguyen Xuan Chien

Big Store <= 2.0.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30881
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Big Store
Researcher

Peter Thaleikis

Browser Caching with .htaccess 1.2.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31439
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Browser Caching with .htaccess
Researcher

Nguyen Xuan Chien

Cackle <= 4.33 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30546
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Cackle
Researcher

Nabil Irawan

Christmas Panda <= 1.0.4 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30842
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Christmas Panda
Researcher

Nabil Irawan

Conversios.io <= 7.2.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30909
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Conversios: Google Analytics GA4, Google Ads, GTM & Multiple Pixel Tracking
Researcher

Ananda Dhakal

Currency Switcher for WooCommerce <= 0.0.7 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30857
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Currency Switcher for WooCommerce
Researcher

Nguyen Xuan Chien

Custom Fields Account Registration For Woocommerce <= 1.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30888
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Custom Fields Account Registration For Woocommerce
Researcher

Nguyen Xuan Chien

Custom Login Logo <= 1.1.7 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30822
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Custom Login Logo
Researcher

Nguyen Xuan Chien

Custom Script Integration <= 2.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30564
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Custom Script Integration
Researcher

Skalucy

Easy 301 Redirects <= 1.33 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30557
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Easy 301 Redirects
Researcher

Nguyen Xuan Chien

Estatebud – Properties & Listings <= 5.5.0 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13710
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Estatebud – Properties & Listings
Researcher

Dhabaleshwar Das

Exchange Rates <= 1.2.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30864
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Exchange Rates
Researcher

Nguyen Xuan Chien

External image replace <= 1.0.8 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30535
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
External image replace
Researcher

Nabil Irawan

EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.08 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30788
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
EZ SQL Reports Shortcode Widget and DB Backup
Researcher

Nabil Irawan

Five Star Restaurant Reservations <= 2.6.29 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30861
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Five Star Restaurant Reservations – WordPress Booking Plugin
Researcher

Revan Arifio

Fix Rss Feeds <= 3.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30556
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Fix Rss Feeds
Researcher

Nguyen Xuan Chien

Flexible Cookies <= 1.1.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30805
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Flexible Cookies
Researcher

Skalucy

Flipdish Ordering System <= 1.5.2 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30601
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Flipdish Ordering System
Researcher

Nabil Irawan

Float menu <= 6.1.2 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30912
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Float menu – awesome floating side menu
Researcher

Khang Duong

Generate Post Thumbnails <= 0.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30585
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Generate Post Thumbnails
Researcher

Nabil Irawan

Gift Message for WooCommerce <= 1.7.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30923
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Gift Message for WooCommerce
Researcher

Kévin Mosbahi (Mika)

GP Back To Top <= 3.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30521
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
GP Back To Top
Researcher

Skalucy

Hacklog Remote Image Autosave <= 2.1.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30576
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Hacklog Remote Image Autosave
Researcher

Nabil Irawan

Hesabfa Accounting <= 2.1.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30815
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Hesabfa Accounting
Researcher

Nabil Irawan

Image Captcha <= 1.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30534
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Image Captcha
Researcher

Nabil Irawan

Info Boxes Shortcode and Widget <= 1.15 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30541
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Info Boxes Shortcode and Widget
Researcher

Nabil Irawan

Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.0.9 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30863
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms
Researcher

Nguyen Xuan Chien

Just Writing Statistics <= 5.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30803
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Just Writing Statistics
Researcher

Trương Hữu Phúc (truonghuuphuc)

King Addons for Elementor <= 24.12.58 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30926
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor
Researcher

João Pedro Soares de Alcântara

KK I Like It <= 1.7.5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31443
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
KK I Like It
Researcher

johska

Login Alert <= 0.2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31459
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Login Alert
Researcher

Skalucy

LWS SMS <= 2.4.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31457
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
LWS SMS
Researcher

Nguyen Xuan Chien

Menu Duplicator <= 1.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30543
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Menu Duplicator
Researcher

Nabil Irawan

Microblog Poster <= 2.1.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31435
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Microblog Poster – Auto Publish on Social Media
Researcher

Nguyen Xuan Chien

NertWorks All in One Social Share Tools <= 1.26 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31447
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
NertWorks All in One Social Share Tools
Researcher

johska

OSS Upload <= 4.8.9 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30598
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
OSS Upload
Researcher

Nabil Irawan

Our Team Members <= 2.2 – Missing Authorization to Authenticated (Subscriber+) Information Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30802
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Our Team Members – Team Members WordPress Plugin
Researcher

Nguyễn Trung Kiên

Product Author for WooCommerce <= 1.0.7 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30872
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Product Author for WooCommerce
Researcher

Nguyen Xuan Chien

publish post email notification <= 1.0.2.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30816
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
wordpress publish post email notification
Researcher

Nguyen Xuan Chien

Quiz Cat <= 3.0.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30877
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Quiz Cat – WordPress Quiz Plugin
Researcher

Peter Thaleikis

reCAPTCHA for all <= 2.22 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30862
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Cloudflare Turnstile or reCAPTCHA For any Pages, to Block Spam and Hackers Attack.
Researcher

Skalucy

Rewrite <= 0.2.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30617
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Rewrite
Researcher

Nguyen Xuan Chien

Serial Codes Generator and Validator with WooCommerce Support <= 2.7.7 – Cross-Site Request Forgery via [placeholder]

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30854
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Serial Codes Generator and Validator with WooCommerce Support
Researcher

Nguyen Xuan Chien

Shipmondo – A complete shipping solution for WooCommerce <= 5.0.3 – Missing Authorization to Authenticated (Customer+) Information Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-27001
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Shipmondo – A complete shipping solution for WooCommerce
Researcher

Psai

Simple Optimizer <= 1.2.7 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30538
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Simple Optimizer
Researcher

Nabil Irawan

Simple Trackback Disabler <= 1.4 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31448
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Simple Trackback Disabler
Researcher

Nguyen Xuan Chien

SimplyRETS Real Estate IDX <= 3.0.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31010
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
SimplyRETS Real Estate IDX
Researcher

Psai

SoundCloud Ultimate <= 1.5 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30542
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
SoundCloud Ultimate Plugin
Researcher

Nabil Irawan

sourceplay-navermap <= 0.0.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30605
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
sourceplay-navermap
Researcher

Nabil Irawan

SpeakPipe <= 0.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30619
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
SpeakPipe – Voicemail for Websites
Researcher

Nguyen Xuan Chien

Specific Content For Mobile <= 0.5.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30874
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Specific Content For Mobile – Customize the mobile version without redirections
Researcher

Peter Thaleikis

Super Static Cache <= 3.3.5 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30568
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Super Static Cache
Researcher

Skalucy

teachPress <= 9.0.9 – Cross-Site Request Forgery to Import Delete

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-1320
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
teachPress
Researcher

Krzysztof Zając

Textmetrics <= 3.6.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30824
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Textmetrics
Researcher

Trương Hữu Phúc (truonghuuphuc)

Tickera <= 3.5.5.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30851
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Tickera – WordPress Event Ticketing
Researcher

Peter Thaleikis

Traveler <= 3.1.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26956
Patch Status
Unpatched
Published
Mar 27, 2025

Affected Software
Travel Booking WordPress Theme
Researcher

Rafie Muhammad

Trust.Reviews <= 2.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30883
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Social Reviews & Recommendations
Researcher

Peter Thaleikis

TWB Woocommerce Reviews <= 1.7.7 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30801
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
TWB Woocommerce Reviews
Researcher

Nguyen Xuan Chien

Typekit plugin for WordPress <= 1.2.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30526
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
Typekit plugin for WordPress
Researcher

Nabil Irawan

Ultimate Dashboard <= 3.8.7 – Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-2276
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Ultimate Dashboard – Custom WordPress Dashboard
Researcher

mikemyers

Ultimate Security Checker <= 4.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31456
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
Ultimate Security Checker
Researcher

Nguyen Xuan Chien

Usermaven <= 1.2.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31079
Patch Status
Patched
Published
Mar 28, 2025

Affected Software
Usermaven
Researcher

Skalucy

ValidateCertify <= 1.6.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30811
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
ValidateCertify Free
Researcher

Skalucy

Verge3D <= 4.8.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30833
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Verge3D Publishing and E-Commerce
Researcher

Nguyen Xuan Chien

WordPres 同步微博 <= 1.1.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30555
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WordPres 同步微博
Researcher

Abdi Pranata

WordPress Admin Bar Improved <= 3.3.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30552
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WordPress Admin Bar Improved
Researcher

johska

WP Database Optimizer <= 1.2.1.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31474
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
WP Database Optimizer
Researcher

Nabil Irawan

WP ERP <= 1.13.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30896
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Researcher

theviper17y

WP Fast Total Search <= 1.79.262 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30894
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Fast Total Search – The Power of Indexed Search
Researcher

Trương Hữu Phúc (truonghuuphuc)

WP Google Review Slider <= 16.0 – Cross-Site Request Forgery to SQL Injection

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30783
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
WP Google Review Slider
Researcher

astra.r3verii

WP Ride Booking <= 2.4 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30531
Patch Status
Unpatched
Published
Mar 24, 2025

Affected Software
WP Ride Booking – Best Taxi Booking Solution for WordPress
Researcher

Nabil Irawan

WP Supersized <= 3.1.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31438
Patch Status
Unpatched
Published
Mar 28, 2025

Affected Software
WP Supersized
Researcher

Nguyen Xuan Chien

wpShopGermany IT-RECHT KANZLEI <= 2.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30804
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
wpShopGermany IT-RECHT KANZLEI
Researcher

Skalucy

Z Companion <= 1.0.13 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30817
Patch Status
Patched
Published
Mar 27, 2025

Affected Software
Z Companion
Researcher

Trương Hữu Phúc (truonghuuphuc)

Product Import Export for WooCommerce <= 2.5.0 – Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

2.7

CVSS Rating
Low (2.7)
CVE-ID
CVE-2025-1911
Patch Status
Patched
Published
Mar 25, 2025

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite
Researcher

HayMiz


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025) appeared first on Wordfence.