6.4 CVE-2025-12650
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_name'...

4.3 CVE-2025-12783
The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification...

8.8 CVE-2025-12824
The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up...

6.4 CVE-2025-12830
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...

6.1 CVE-2025-12834
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site...

5.3 CVE-2025-12883
The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment...

9.8 CVE-2025-12963
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin...

8.8 CVE-2025-12968
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...

5.3 CVE-2025-13314
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for...

6.8 CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up...

8.1 CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file...

4.3 CVE-2025-13363
The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,...

4.3 CVE-2025-13366
The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up...

4.3 CVE-2025-13408
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress...

5.3 CVE-2025-13440
The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in...

6.4 CVE-2025-13747
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass...

6.4 CVE-2025-13840
The BUKAZU Search widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode'...

6.4 CVE-2025-13843
The VigLink SpotLight By ShortCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting...

6.4 CVE-2025-13846
The Easy Map Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width'...

6.4 CVE-2025-13850
The LS Google Map Router plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'map_type'...

6.4 CVE-2025-13866
The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of...