CVE-2025-31910 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | high |
CVE-2025-31908 | Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1. | high |
CVE-2025-31906 | Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9. | high |
CVE-2025-31904 | Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader allows Cross Site Request Forgery. This issue affects Ebook Downloader: from n/a through 1.0. | high |
CVE-2025-31897 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3. | medium |
CVE-2025-31895 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3. | medium |
CVE-2025-31894 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infoway LLC Ebook Downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through 1.0. | medium |
CVE-2025-31892 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. | medium |
CVE-2025-31891 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosign Gosign – Posts Slider Block allows Stored XSS. This issue affects Gosign – Posts Slider Block: from n/a through 1.1.0. | medium |
CVE-2025-31890 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mashi Simple Map No Api allows Stored XSS. This issue affects Simple Map No Api: from n/a through 1.9. | medium |
CVE-2025-31888 | Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2. | medium |
CVE-2025-31887 | Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. | medium |
CVE-2025-31886 | Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.21. | medium |
CVE-2025-31885 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1. | medium |
CVE-2025-31884 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3. | medium |
CVE-2025-31883 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27. | medium |
CVE-2025-31882 | Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27. | medium |
CVE-2025-31881 | Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9. | medium |
CVE-2025-31879 | Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. | medium |
CVE-2025-31878 | Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | medium |
CVE-2025-31877 | Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | medium |
CVE-2025-31875 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginic FancyPost allows DOM-Based XSS. This issue affects FancyPost: from n/a through 6.0.1. | medium |
CVE-2025-31874 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay WebberZone Snippetz allows Stored XSS. This issue affects WebberZone Snippetz: from n/a through 2.1.0. | medium |
CVE-2025-31873 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sheetdb SheetDB allows Stored XSS. This issue affects SheetDB: from n/a through 1.3.3. | medium |
CVE-2025-31872 | Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4. | medium |
CVE-2025-31871 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4. | medium |
CVE-2025-31870 | Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | medium |
CVE-2025-31869 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9. | medium |
CVE-2025-31868 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | medium |
CVE-2025-31867 | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | medium |
CVE-2025-31866 | Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShipDepot for WooCommerce: from n/a through 1.2.19. | medium |
CVE-2025-31865 | Missing Authorization vulnerability in CartBoss SMS Abandoned Cart Recovery ✦ CartBoss allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Abandoned Cart Recovery ✦ CartBoss: from n/a through 4.1.2. | medium |
CVE-2025-31864 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23. | medium |
CVE-2025-31863 | Missing Authorization vulnerability in inspry Agency Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Agency Toolkit: from n/a through 1.0.23. | medium |
CVE-2025-31862 | Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60. | medium |
CVE-2025-31861 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration allows Stored XSS. This issue affects Perfect Font Awesome Integration: from n/a through 2.2. | medium |
CVE-2025-31860 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9. | medium |
CVE-2025-31859 | Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6. | medium |
CVE-2025-31857 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6. | medium |
CVE-2025-31856 | Missing Authorization vulnerability in brainvireinfo Export All Post Meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through 1.2.1. | medium |
CVE-2025-31855 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API allows Stored XSS. This issue affects SMM API: from n/a through 6.0.27. | medium |
CVE-2025-31854 | Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5. | medium |
CVE-2025-31853 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup allows Stored XSS. This issue affects Smartarget Popup: from n/a through 1.4. | medium |
CVE-2025-31852 | Cross-Site Request Forgery (CSRF) vulnerability in N-Media Bulk Product Sync allows Cross Site Request Forgery. This issue affects Bulk Product Sync: from n/a through 8.6. | medium |
CVE-2025-31851 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.26. | medium |
CVE-2025-31850 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. | medium |
CVE-2025-31849 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fbtemplates Nemesis All-in-One allows Stored XSS. This issue affects Nemesis All-in-One: from n/a through 1.1.0. | medium |
CVE-2025-31848 | Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4. | medium |
CVE-2025-31847 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite allows DOM-Based XSS. This issue affects mFolio Lite: from n/a through 1.2.2. | medium |
CVE-2025-31846 | Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7. | medium |