{"id":1409,"date":"2025-04-24T09:32:47","date_gmt":"2025-04-24T09:32:47","guid":{"rendered":"http:\/\/localhost\/?p=1409"},"modified":"2025-04-24T09:32:47","modified_gmt":"2025-04-24T09:32:47","slug":"wordfence-intelligence-weekly-wordpress-vulnerability-report-april-14-2025-to-april-20-2025","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1409","title":{"rendered":"Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nWordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025)<\/td>\n<\/tr>\n
Type<\/th>\nwordfence<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-24T13:46:39<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-24T13:53:27<\/td>\n<\/tr>\n
CVSS Score<\/th>\n10.0 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2024-13452, CVE-2024-13650, CVE-2025-1093, CVE-2025-1457, CVE-2025-2010, CVE-2025-2083, CVE-2025-2111, CVE-2025-2225, CVE-2025-22774, CVE-2025-2314, CVE-2025-23958, CVE-2025-2613, CVE-2025-26730, CVE-2025-26735, CVE-2025-26872, CVE-2025-26889, CVE-2025-26892, CVE-2025-26942, CVE-2025-26944, CVE-2025-26953, CVE-2025-26954, CVE-2025-26958, CVE-2025-26968, CVE-2025-26992, CVE-2025-26996, CVE-2025-27008, CVE-2025-27009, CVE-2025-27010, CVE-2025-3056, CVE-2025-3077, CVE-2025-30960, CVE-2025-3103, CVE-2025-3104, CVE-2025-3106, CVE-2025-3247, CVE-2025-32486, CVE-2025-32507, CVE-2025-32508, CVE-2025-32513, CVE-2025-32527, CVE-2025-32540, CVE-2025-32545, CVE-2025-32546, CVE-2025-32561, CVE-2025-32571, CVE-2025-32572, CVE-2025-32573, CVE-2025-32583, CVE-2025-32592, CVE-2025-32596, CVE-2025-32602, CVE-2025-32605, CVE-2025-32608, CVE-2025-32609, CVE-2025-32622, CVE-2025-32626, CVE-2025-32634, CVE-2025-32635, CVE-2025-32636, CVE-2025-32637, CVE-2025-32638, CVE-2025-32647, CVE-2025-32648, CVE-2025-32657, CVE-2025-32658, CVE-2025-32660, CVE-2025-32662, CVE-2025-32665, CVE-2025-32666, CVE-2025-32682, CVE-2025-32686, CVE-2025-32688, CVE-2025-3275, CVE-2025-3278, CVE-2025-3284, CVE-2025-32923, CVE-2025-32929, CVE-2025-3294, CVE-2025-3295, CVE-2025-3404, CVE-2025-3453, CVE-2025-3470, CVE-2025-3479, CVE-2025-3487, CVE-2025-3520, CVE-2025-3598, CVE-2025-3615, CVE-2025-3661, CVE-2025-3809, CVE-2025-39351, CVE-2025-39353, CVE-2025-39381, CVE-2025-39385, CVE-2025-39388, CVE-2025-39390, CVE-2025-39392, CVE-2025-39394, CVE-2025-39395, CVE-2025-39396, CVE-2025-39401, CVE-2025-39402, CVE-2025-39403, CVE-2025-39404, CVE-2025-39405, CVE-2025-39406, CVE-2025-39407, CVE-2025-39408, CVE-2025-39409, CVE-2025-39410, CVE-2025-39411, CVE-2025-39412, CVE-2025-39413, CVE-2025-39414, CVE-2025-39415, CVE-2025-39416, CVE-2025-39418, CVE-2025-39419, CVE-2025-39420, CVE-2025-39421, CVE-2025-39422, CVE-2025-39423, CVE-2025-39424, CVE-2025-39425, CVE-2025-39426, CVE-2025-39427, CVE-2025-39428, CVE-2025-39429, CVE-2025-39430, CVE-2025-39431, CVE-2025-39432, CVE-2025-39433, CVE-2025-39434, CVE-2025-39435, CVE-2025-39436, CVE-2025-39437, CVE-2025-39438, CVE-2025-39439, CVE-2025-39440, CVE-2025-39441, CVE-2025-39442, CVE-2025-39443, CVE-2025-39444, CVE-2025-39445, CVE-2025-39446, CVE-2025-39447, CVE-2025-39448, CVE-2025-39449, CVE-2025-39450, CVE-2025-39451, CVE-2025-39452, CVE-2025-39453, CVE-2025-39454, CVE-2025-39455, CVE-2025-39456, CVE-2025-39457, CVE-2025-39458, CVE-2025-39459, CVE-2025-39460, CVE-2025-39461, CVE-2025-39462, CVE-2025-39463, CVE-2025-39464, CVE-2025-39465, CVE-2025-39466, CVE-2025-39467, CVE-2025-39468, CVE-2025-39469, CVE-2025-39470, CVE-2025-39471, CVE-2025-39472, CVE-2025-39512, CVE-2025-39513, CVE-2025-39514, CVE-2025-39515, CVE-2025-39516, CVE-2025-39517, CVE-2025-39518, CVE-2025-39519, CVE-2025-39520, CVE-2025-39521, CVE-2025-39522, CVE-2025-39523, CVE-2025-39524, CVE-2025-39525, CVE-2025-39526, CVE-2025-39527, CVE-2025-39528, CVE-2025-39529, CVE-2025-39530, CVE-2025-39533, CVE-2025-39535, CVE-2025-39538, CVE-2025-39540, CVE-2025-39541, CVE-2025-39542, CVE-2025-39543, CVE-2025-39544, CVE-2025-39545, CVE-2025-39546, CVE-2025-39547, CVE-2025-39548, CVE-2025-39549, CVE-2025-39550, CVE-2025-39551, CVE-2025-39553, CVE-2025-39554, CVE-2025-39555, CVE-2025-39556, CVE-2025-39557, CVE-2025-39558, CVE-2025-39559, CVE-2025-39560, CVE-2025-39562, CVE-2025-39563, CVE-2025-39564, CVE-2025-39565, CVE-2025-39566, CVE-2025-39567, CVE-2025-39568, CVE-2025-39569, CVE-2025-39570, CVE-2025-39571, CVE-2025-39572, CVE-2025-39573, CVE-2025-39574, CVE-2025-39575, CVE-2025-39576, CVE-2025-39577, CVE-2025-39578, CVE-2025-39579, CVE-2025-39580, CVE-2025-39581, CVE-2025-39582, CVE-2025-39583, CVE-2025-39584, CVE-2025-39585, CVE-2025-39586, CVE-2025-39587, CVE-2025-39588, CVE-2025-39589, CVE-2025-39590, CVE-2025-39592, CVE-2025-39593, CVE-2025-39594, CVE-2025-39595, CVE-2025-39596, CVE-2025-39597, CVE-2025-39598, CVE-2025-39599, CVE-2025-39600, CVE-2025-39601<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\ninfo<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n * * *<\/p>\n

_![\ud83d\udce2](https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72×72\/1f4e2.png)**In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. **_<\/p>\n

* * *<\/p>\n

Last week, there were 252 vulnerabilities disclosed in 215 WordPress Plugins and 15 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 56 Vulnerability Researchers that contributed to WordPress Security last week. **Review those vulnerabilities in this report now to ensure your site is not affected.**<\/p>\n

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data**to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies.** That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.<\/p>\n

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our **database of over 25,000 vulnerabilities** and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, **all for free**.<\/p>\n

_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._<\/p>\n

* * *<\/p>\n

### New Firewall Rules Deployed Last Week<\/p>\n

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.<\/p>\n

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:<\/p>\n

* WAF-RULE-821 – Data redacted while we work with the vendor on a patch.<\/p>\n

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.<\/p>\n

* * *<\/p>\n

### Total Unpatched & Patched Vulnerabilities Last Week<\/p>\n

Patch Status | Number of Vulnerabilities
\n—|—
\nPatched | 137
\nUnpatched | 115 <\/p>\n

* * *<\/p>\n

### Total Vulnerabilities by CVSS Severity Last Week<\/p>\n

Severity Rating | Number of Vulnerabilities
\n—|—
\nLow Severity | 1
\nMedium Severity | 179
\nHigh Severity | 42
\nCritical Severity | 30 <\/p>\n

* * *<\/p>\n

### Total Vulnerabilities by CWE Type Last Week<\/p>\n

Vulnerability Type by CWE | Number of Vulnerabilities
\n—|—
\nImproper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 79
\nCross-Site Request Forgery (CSRF) | 44
\nMissing Authorization | 35
\nImproper Control of Filename for Include\/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 21
\nImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 17
\nDeserialization of Untrusted Data | 12
\nUnrestricted Upload of File with Dangerous Type | 10
\nExposure of Sensitive Information to an Unauthorized Actor | 8
\nImproper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 6
\nImproper Privilege Management | 6
\nImproper Control of Generation of Code (‘Code Injection’) | 4
\nURL Redirection to Untrusted Site (‘Open Redirect’) | 4
\nAuthorization Bypass Through User-Controlled Key | 2
\nImproper Validation of Integrity Check Value | 2
\nExternal Control of File Name or Path | 1
\nIncorrect Authorization | 1 <\/p>\n

* * *<\/p>\n

### Researchers That Contributed to WordPress Security Last Week<\/p>\n

Researcher Name | Number of Vulnerabilities
\n—|—
\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g) johska | 22
\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g) stealthcopter | 18
\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g) muhammad yudha | 17
\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g) Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | 17
\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g) Nguyen Xuan Chien | 14
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) LVT-tholv2k | 13
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Bonds | 13
\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g) 0xd4rk5id3 | 11
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) astra.r3verii | 9
\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g) Nabil Irawan | 8
\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g) Le Ngoc Anh | 8
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Ananda Dhakal | 7
\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g) theviper17y | 6
\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g) Jo\u00e3o Pedro Soares de Alc\u00e2ntara | 6
\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g) K\u00e9vin Mosbahi (Mika) | 6
\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g) Dimas Maulana | 5
\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g) Peter Thaleikis | 5
\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g) Aiden (Th\u00e1i An) | 5
\n![](https:\/\/www.gravatar.com\/avatar\/e4a8b174c9f284d94094cf7722e1ec31.jpg?s=32&d=mp&r=g) Asaf Mozes | 4
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Phan Trong Quan | 4
\n![](https:\/\/www.gravatar.com\/avatar\/ef74f4dbe7907a62f177592f647c1afa.jpg?s=32&d=mp&r=g) Webbernaut | 4
\n![](https:\/\/www.gravatar.com\/avatar\/54d48d97cbd2b84eb914943109eb7d14.jpg?s=32&d=mp&r=g) Nguy\u1ec5n Trung Ki\u00ean | 4
\n![](https:\/\/www.gravatar.com\/avatar\/4c2bd6964b38518385c4e8d1791fd762.jpg?s=32&d=mp&r=g) zaim | 3
\n![](https:\/\/www.gravatar.com\/avatar\/c36a7211a54c34d3d52be3b1bd8d253e.jpg?s=32&d=mp&r=g) lucky_buddy | 3
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Skalucy | 3
\n![](https:\/\/www.gravatar.com\/avatar\/c070414ac7706c1f7345b025f413df56.jpg?s=32&d=mp&r=g) Brian Sans-Souci (liardom) | 2
\n![](https:\/\/www.gravatar.com\/avatar\/5a1c57ff7dc66a0d8702f856ceb355fd.jpg?s=32&d=mp&r=g) the sneaky squirrel | 2
\n![](https:\/\/www.gravatar.com\/avatar\/c14731a0f8a0d24cbda30f561fc03441.jpg?s=32&d=mp&r=g) SOPROBRO | 2
\n![](https:\/\/www.gravatar.com\/avatar\/14c9ac0f163cbf6d8b0f77fce5836577.jpg?s=32&d=mp&r=g) wesley (wcraft) | 2
\n![](https:\/\/www.gravatar.com\/avatar\/37cc74b0e1957fee81825154abeae540.jpg?s=32&d=mp&r=g) nquangit | 2
\n![](https:\/\/www.gravatar.com\/avatar\/7b8cd550e860295a0dcf86632e3c79be.jpg?s=32&d=mp&r=g) Phat RiO – BlueRock | 2
\n![](https:\/\/www.gravatar.com\/avatar\/dfc42784669accf02da36cb658a6a355.jpg?s=32&d=mp&r=g) ch4r0n | 2
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) chuck | 2
\n![](https:\/\/www.gravatar.com\/avatar\/9d46e040922297c1834a9af4e8278abe.jpg?s=32&d=mp&r=g) khanhhnahk1 | 1
\n![](https:\/\/www.gravatar.com\/avatar\/0c476cecff9cf0286378f2943694146f.jpg?s=32&d=mp&r=g) Foxyyy | 1
\n![](https:\/\/www.gravatar.com\/avatar\/4f335379e6c22b34c96df34218ac155f.jpg?s=32&d=mp&r=g) broccoli | 1
\n![](https:\/\/www.gravatar.com\/avatar\/a964068aac6d7229783a0ea643877251.jpg?s=32&d=mp&r=g) zer0gh0st | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Doan Dinh Van | 1
\n![](https:\/\/www.gravatar.com\/avatar\/d30e6a858b269fc0c2ddccf3c3327313.jpg?s=32&d=mp&r=g) haidv35 | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Deltree | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Tran Nguyen Bao Khanh | 1
\n![](https:\/\/www.gravatar.com\/avatar\/80711f5dab8609bebef4ab99b37e869a.jpg?s=32&d=mp&r=g) Carlos Ferreira | 1
\n![](https:\/\/www.gravatar.com\/avatar\/faefcd06abcb00b4db5324b629c6424e.jpg?s=32&d=mp&r=g) Muhamad Visat | 1
\n![](https:\/\/www.gravatar.com\/avatar\/2b99835f57008d2a5ee94f41555327d4.jpg?s=32&d=mp&r=g) Alyudin Nafiie | 1
\n![](https:\/\/www.gravatar.com\/avatar\/697aca1b58dce62b53c47e23b571f54c.jpg?s=32&d=mp&r=g) ayato | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Pham Van Phuoc | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) domiee13 | 1
\n![](https:\/\/www.gravatar.com\/avatar\/b20f9553188fa04cbd937e5df1e718af.jpg?s=32&d=mp&r=g) Tim Coen | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Abdi Pranata | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) tahu.datar | 1
\n![](https:\/\/www.gravatar.com\/avatar\/1c6327bca62253f0bec06a3d18c37f2a.jpg?s=32&d=mp&r=g) Yassine Neggaoui (Y45NG) | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Affan Ali | 1
\n![](https:\/\/www.gravatar.com\/avatar\/7d4a68019ac73014fd7a41bf4de262d6.jpg?s=32&d=mp&r=g) Arshid KV | 1
\n![](https:\/\/www.gravatar.com\/avatar\/4c8e47602daa5f66a49fdf2c7555c730.jpg?s=32&d=mp&r=g) siavashvafshar | 1
\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g) Rafie Muhammad | 1
\n![](https:\/\/www.gravatar.com\/avatar\/eb428a7b41bcec038cb1bd520e1bc384.jpg?s=32&d=mp&r=g) Prissy | 1 <\/p>\n

_Are you a security researcher who would like to be featured in our weekly vulnerability report?_ You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.<\/p>\n

* * *<\/p>\n

### WordPress Plugins with Reported Vulnerabilities Last Week<\/p>\n

Software Name | Software Slug
\n—|—
\nActiveDEMAND | activedemand
\nAdd to Header | add-to-header
\nAdministrator Z | administrator-z
\nAdminQuickbar | adminquickbar
\nAdvanced Dynamic Pricing for WooCommerce | advanced-dynamic-pricing-for-woocommerce
\nAI Text to Speech \u2013 TTS Plugin For WordPress | ai-text-to-speech
\nAll push notification for WP | all-push-notification
\nAmazon Showcase WordPress Plugin | amazon-showcase-wordpress-widget
\nAnalyticsWP | analyticswp
\nAnthologize | anthologize
\nArigato Autoresponder and Newsletter | bft-autoresponder
\nAsgaros Forum | asgaros-forum
\nAttendance Manager | attendance-manager
\nAuthor WIP Progress Bar | author-work-in-progress-bar
\nAvatar | avatar
\nBarcode Generator for WooCommerce \u2013 Show barcodes on products, orders, invoices and other pages | embedding-barcodes-into-product-pages-and-orders
\nBasic Interactive World Map | basic-interactive-world-map
\nbbPress2 shortcode whitelist | bbpress2-shortcode-whitelist
\nBERTHA AI. Your AI co-pilot for WordPress and Chrome | bertha-ai-free
\nBknewsticker | bknewsticker
\nBMA Lite \u2013 Appointment Booking and Scheduling Plugin | bma-lite-appointment-booking-and-scheduling
\nBooking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment | booking-and-rental-manager-for-woocommerce
\nBooster Plus for WooCommerce | booster-plus-for-woocommerce
\nBring Fraktguiden for WooCommerce | bring-fraktguiden-for-woocommerce
\nBroken Links Remover | broken-links-remover
\nBruteGuard \u2013 Brute Force Login Protection | bruteguard
\nBulk Page Stub Creator | bulk-page-stub-creator
\nBulk Term Editor | bulk-term-editor
\nCheckout Files Upload for WooCommerce | checkout-files-upload-woocommerce
\nCheckout for PayPal | checkout-for-paypal
\nChurch Admin | church-admin
\nCLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon | elementor_widget_clever_radio_player
\nCloak Front End Email | cloak-front-end-email
\nConditional Payments for WooCommerce | conditional-payments-for-woocommerce
\nConditional Shipping for WooCommerce | conditional-shipping-for-woocommerce
\nContact Form 7 | contact-form-7
\nContact Form by Supsystic | contact-form-by-supsystic
\nContact Form vCard Generator | contact-form-vcard-generator
\nContact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms | liveforms
\nCost Calculator Builder | cost-calculator-builder
\nCoupon Affiliates \u2013 Affiliate Plugin for WooCommerce | woo-coupon-usage
\nCourse Booking System | course-booking-system
\nCRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout | support-x
\nCRUDLab Scroll to Top | crudlab-scroll-to-top
\nCustom CSS, JS & PHP | custom-css
\nDashboard Notepads | dashboard-notepads
\nDashi | dashi
\nDebug Log Manager | debug-log-manager
\nDirectory Listings WordPress plugin \u2013 uListing | ulisting
\nDocket Cache \u2013 Object Cache Accelerator | docket-cache
\nDownload Manager | download-manager
\nDynamic Post | dynamic-post
\nEditor Wysiwyg Background Color | editor-wysiwyg-background-color
\nElement Pack Addons for Elementor \u2013 Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder | bdthemes-element-pack-lite
\nElementsReady Addons for Elementor | element-ready-lite
\nEssential Addons for Elementor \u2013 Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite
\nEvent Espresso \u2013 Custom Email Template Shortcode | email-shortcode
\nEvent Manager, Events Calendar, Tickets, Registrations \u2013 Eventin | wp-event-solution
\nEver Accounting \u2013 WordPress Accounting and Invoice Plugin | wp-ever-accounting
\nFast eBay Listings | fast-ebay-listings
\nFeedify \u2013 Web Push Notifications | push-notification-by-feedify
\nFluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | fluentform
\nFluentBoards \u2013 Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration | fluent-boards
\nFluentCommunity \u2013 Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses Plugin | fluent-community
\nForminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder | forminator
\nFS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] | fs-poster
\nGoodBarber | goodbarber
\nGravity Forms CSS Themes with Fontawesome and Placeholders | gravity-forms-css-themes-with-fontawesome-and-placeholder-support
\nHelpGent \u2013 The Ultimate Form Builder & TypeForm Alternative on WordPress | Craft Conversational Multi Step Form with Video, Voice, Screen Recording, & Text Messaging | helpgent
\nHive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | hive-support
\nhockeydata LOS | hockeydata-los
\nHostel | hostel
\nHotel Booking | nd-booking
\nHTML5 Audio Player- Best WordPress Audio Player Plugin | html5-audio-player
\nI Draw | idraw
\nillow \u2013 Cookies Consent | lgpd-compliant-cookie-banner
\nInsert Headers And Footers | wp-headers-and-footers
\nIntegration for WooCommerce and QuickBooks | wp-woocommerce-quickbooks
\nIP2Location Variables | ip2location-variables
\nJetBlocks for Elementor | jet-blocks
\nJetBlog for Elementor | jet-blog
\nJetElements | jet-elements
\nJetMenu for Elementor | jet-menu
\nJetPopup | jet-popup
\nJetReviews for Elementor | jet-reviews
\nJetTabs for Elementor | jet-tabs
\nJetTricks for Elementor | jet-tricks
\nJetWooBuilder for Elementor | jet-woo-builder
\nJobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin | jobwp
\nJS Job Manager | js-jobs
\nKadence WooCommerce Email Designer | kadence-woocommerce-email-designer
\nKata Plus \u2013 Addons for Elementor \u2013 Widgets, Extensions and Templates | kata-plus
\nKiotViet Sync | kiotvietsync
\nLA-Studio Element Kit for Elementor | lastudio-element-kit
\nLanding Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages | landing-page-cat
\nListdom \u2013 Business Directory and Classified Ads Listings WordPress Plugin | listdom
\nLocal Magic | local-magic
\nLogin Manager \u2013 Design Login Page, View Login Activity, Limit Login Attempts | customized-login
\nLogo Carousel Gutenberg Block | awesome-logo-carousel-block
\nLogo Carousel Slider | logo-carousel-slider
\nMacro Calculator with Admin Email Optin & Data | macro-admin-email-data-optin-calculator
\nMapSVG \u2013 Vector maps, Image maps, Google Maps | mapsvg-lite-interactive-vector-maps
\nMaster Slider \u2013 Responsive Touch Slider | master-slider
\nMaterial Dashboard | material-dashboard
\nMediavine Control Panel | mediavine-control-panel
\nMelaPress Login Security | melapress-login-security
\nMemberpress | memberpress
\nMembership For WooCommerce | membership-for-woocommerce
\nmLanguage | mlanguage
\nmodal-survey | modal-survey
\nMost And Least Read Posts Widget | most-and-least-read-posts-widget
\nMovylo Marketing Automation | movylo-widget
\nMy auctions allegro | my-auctions-allegro-free-edition
\nMy Marginalia | my-marginalia
\nName Directory | name-directory
\nOffice Locator | office-locator
\nOTP-less one tap Sign in | otpless
\nPassword Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category and more | password-protected
\nPayment Form for PayPal Pro | payment-form-for-paypal-pro
\nPDF 2 Post | pdf2post
\nPiotnet Addons For Elementor | piotnet-addons-for-elementor
\nProfileGrid \u2013 User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities
\nProjectopia \u2013 WordPress Project Management | projectopia-core
\nProperty Hive | propertyhive
\nQuentn WP | quentn-wp
\nQuestion Answer | question-answer
\nRating by BestWebSoft | rating-bws
\nReal Estate Manager \u2013 Property Listing and Agent Management | real-estate-manager
\nRescue Shortcodes | rescue-shortcodes
\nResponsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates | responsive-addons-for-elementor
\nResponsive Blocks \u2013 WordPress Gutenberg Blocks | responsive-block-editor-addons
\nReview Wave \u2013 Google Places Reviews | review-wave-google-places-reviews
\nRevision Diet | revision-diet
\nRight Click Disable OR Ban | right-click-disable-or-ban
\nRoyal Elementor Addons and Templates | royal-elementor-addons
\nRSS Manager | rss-manager
\nRun Contests, Raffles, and Giveaways with ContestsWP | contest-code-checker
\nSB Chart block | sb-chart-block
\nScriptless Social Sharing | scriptless-social-sharing
\nSell access, Automate, and add Engaging Exclusive Discord Access: Introducing the MemberPress Discord Addon \u2014 Elevate Your Community! | expresstechsoftwares-memberpress-discord-add-on
\nShopApper: Mobile App for WooCommerce | mobile-app-for-woocommerce
\nSign-up Sheets | sign-up-sheets
\nSimple Maps | interactive-maps
\nSimple Sitemap \u2013 Create a Responsive HTML Sitemap | simple-sitemap
\nSite Search 360 | site-search-360
\nSmart Agreements | smart-agreements
\nSocial Media Links | social-media-links
\nSocial Sharing Plugin \u2013 Sassy Social Share | sassy-social-share
\nspam-stopper | spam-stopper
\nStarfish Review Generation & Marketing for WordPress | starfish-reviews
\nStoreContrl Woocommerce | storecontrl-wp-connection
\nStyle Manager \u2013 Auto-magical system to style your entire WordPress site | style-manager
\nSubscribe to Unlock Lite \u2013 Opt In Content Locker Plugin for WordPress | subscribe-to-unlock-lite
\nSuper Store Finder | superstorefinder-wp
\nSz\u00e9chenyi 2020 Logo | szechenyi-2020-logo
\nT&P Gallery Slider | tp-gallery-slider
\nTableOn \u2013 WordPress Posts Table Filterable | posts-table-filterable
\nTarget Video Easy Publish | brid-video-easy-publish
\nTaskbuilder \u2013 WordPress Project & Task Management plugin | taskbuilder
\nTeam Members \u2013 Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder | wps-team
\nTestimonial Slider And Showcase Pro | testimonial-slider-showcase-pro
\nTheme Changer | theme-changer
\nThemesflat Addons For Elementor | themesflat-addons-for-elementor
\nThemify Shortcodes | themify-shortcodes
\nTotal processing card payments for WooCommerce | totalprocessing-card-payments
\nTour Master – Tour Booking, Travel, Hotel | tourmaster
\nTourfic Toolkit | travelfic-toolkit
\ntranslit it! | translit-it
\nTS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll | poll-wp
\nTuriTop Booking System | turitop-booking-system
\nUix Shortcodes | uix-shortcodes
\nUltimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member
\nUltimate Store Kit \u2013 Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder | ultimate-store-kit
\nUnlimited Timeline | unlimited-timeline
\nUrbanGo Membership | urbango-membership
\nUser Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder
\nUser Registration PRO \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin | user-registration-pro
\nVerge3D Publishing and E-Commerce | verge3d
\nVerowa Connect | verowa-connect
\nvisucom-smart-sections | visucom-smart-sections
\nVitepos \u2013 Point of sale (POS) plugin for WooCommerce | vitepos-lite
\nWeb Directory Free | web-directory-free
\nWooCommerce – Social Login | woo-social-login
\nWooCommerce Builder & Gutenberg WooCommerce Blocks \u2013 WowStore | product-blocks
\nWooCommerce Products without featured images | woocommerce-products-without-featured-images
\nWooMS | wooms
\nWordPress Button Plugin MaxButtons | maxbuttons
\nWordPress Internal Link Optimiser | internal-link-finder
\nWordPress REST API Authentication | wp-rest-api-authentication
\nWordPress Video Robot – The Ultimate Video Importer | wp-video-robot
\nWordPress WP-Advanced-Search | wp-advanced-search
\nWP Data Access \u2013 App, Table, Form, Chart & Map Builder plugin | wp-data-access
\nWP Donate | wp-donate
\nWP Editor | wp-editor
\nWP Flipclock | wp-flipclock
\nWP Logger | wp-data-logger
\nWP Post to PDF Enhanced | wp-post-to-pdf-enhanced
\nWP Posts Carousel | wp-posts-carousel
\nWP Simple Booking Calendar | wp-simple-booking-calendar
\nWP Social Bookmarking | wp-social-bookmarking
\nWP STAGING Pro WordPress Backup Plugin | wp-staging-pro
\nWP Sticky Side Buttons | wp-sticky-side-buttons
\nWP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log | wptools
\nWP Twitter Button | wp-twitter-button
\nwp-google-map-gold | wp-google-map-gold
\nWP_DEBUG Toggle | enable-wp-debug-toggle
\nWPAdverts \u2013 Classifieds Plugin | wpadverts
\nWPAMS – Apartment Management System for wordpress | apartment-management
\nWPCafe: Food Menu, Ordering, Reservation, and Delivery Solution \u2013 All in One Place! | wp-cafe
\nWPCasa | wpcasa
\nWPCOM Member | wpcom-member
\nwpLike2Get | wplike2get
\nwpt-whatsapp | wpt-whatsapp
\nXelion Webchat | xelion-webchat
\nZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio \/ music \/ podcast \u2013 HTML5 | 1-jquery-photo-gallery-slideshow-flash <\/p>\n

* * *<\/p>\n

### WordPress Themes with Reported Vulnerabilities Last Week<\/p>\n

Software Name | Software Slug
\n—|—
\nAI Hub – Startup & Technology WordPress Theme | aihub
\nBetheme | betheme
\nCelestial Aura | celestial-aura
\nDessau – Contemporary Theme for Architects and Interior Designers | dessau
\nD\u00f8r – Modern Architecture and Interior Design Theme | dor
\nEduma | eduma
\nEximius | eximius
\nFoton – Software and App Landing Page Theme | foton
\nGrand Restaurant WordPress | grandrestaurant
\nGrip | grip
\nIvyPrep – Education & School WordPress Theme | ivy-school
\nReal Estate 7 WordPress | realestate-7
\nSirat | sirat
\nTastyc – Cafe Restaurant Theme | tastyc
\nWanderland – Travel Blog | wanderland <\/p>\n

* * *<\/p>\n

### Vulnerability Details<\/p>\n

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should\u2019ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.<\/p>\n

#### AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-1093**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nAI Hub - Startup & Technology WordPress Theme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/0c476cecff9cf0286378f2943694146f.jpg?s=32&d=mp&r=g)Foxyyy\n\nMore Details ><\/p>\n

#### Dessau < 1.9 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39463**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nDessau - Contemporary Theme for Architects and Interior Designers\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Docket Cache <= 24.07.02 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39461**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nDocket Cache \u2013 Object Cache Accelerator\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g)Dimas Maulana\n\nMore Details ><\/p>\n

#### D\u00f8r <= 2.4 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39466**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nD\u00f8r - Modern Architecture and Interior Design Theme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### FluentBoards <= 1.47 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39551**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nFluentBoards \u2013 Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### FluentCommunity <= 1.2.15 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39550**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nFluentCommunity \u2013 Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Foton <= 2.5.2 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39458**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nFoton - Software and App Landing Page Theme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Grip <= 1.0.9 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-26735**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nGrip\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)tahu.datar\n\nMore Details ><\/p>\n

#### HelpGent <= 2.2.4 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32658**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nHelpGent \u2013 The Ultimate Form Builder & TypeForm Alternative on WordPress | Craft Conversational Multi Step Form with Video, Voice, Screen Recording, & Text Messaging\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### hockeydata LOS <= 1.2.4 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-26889**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nhockeydata LOS\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g)Dimas Maulana\n\nMore Details ><\/p>\n

#### Hotel Booking <= 3.6 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39526**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nHotel Booking\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### IvyPrep <= 1.6.0 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39470**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nIvyPrep - Education & School WordPress Theme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### JS Job Manager <= 2.0.2 - Unauthenticated Arbitrary File Upload\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32660**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nJS Job Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Kata Plus <= 1.5.2 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32572**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nKata Plus \u2013 Addons for Elementor \u2013 Widgets, Extensions and Templates\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Material Dashboard <= 1.4.6 - Unauthenticated Privilege Escalation\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32486**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nMaterial Dashboard\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### Modal Survey <= 2.0.2.0.1 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39468**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nmodal-survey\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Projectopia <= 5.1.16 - Unauthenticated Privilege Escalation via Account Takeover\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32648**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nProjectopia \u2013 WordPress Project Management\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39596**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nQuentn WP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Real Estate 7 <= 3.5.2 - Unauthenticated Privilege Escalation\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39459**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nReal Estate 7 WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### Real Estate Manager <= 7.3 - Unauthenticated Remote Code Execution\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-32596**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nReal Estate Manager \u2013 Property Listing and Agent Management\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### Smart Agreements <= 1.0.3 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39462**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSmart Agreements\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g)Dimas Maulana\n\nMore Details ><\/p>\n

#### Smart Sections Theme Builder – WPBakery Page Builder Addon <= 1.7.8 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39410**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nvisucom-smart-sections\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Sz\u00e9chenyi 2020 Logo <= 1.1 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39429**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSz\u00e9chenyi 2020 Logo\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Tastyc < 2.5.2 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-27010**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nTastyc - Cafe Restaurant Theme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Ultimate Store Kit Elementor Addons <= 2.4.0 - Unauthenticated PHP Object Injection\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39588**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nUltimate Store Kit \u2013 Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)domiee13\n\nMore Details ><\/p>\n

#### UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-3278**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nUrbanGo Membership\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2b99835f57008d2a5ee94f41555327d4.jpg?s=32&d=mp&r=g)Alyudin Nafiie\n\nMore Details ><\/p>\n

#### Wanderland <= 1.7.1 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39467**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWanderland - Travel Blog\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### WhatsApp Click to Chat Plugin for WordPress <= 2.2.12 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39411**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nwpt-whatsapp\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 - Unauthenticated Local File Inclusion\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39406**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g)Aiden (Th\u00e1i An)\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Unauthenticated Arbitrary File Upload\n\n9.8\n\nCVSS Rating \n**Critical (9.8)**\n\nCVE-ID \n**CVE-2025-39401**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Celestial Aura <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-26892**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nCelestial Aura\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### Custom CSS, JS & PHP <= 2.4.1 - Cross-Site Request Forgery to Remote Code Exectuiron\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39601**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nCustom CSS, JS & PHP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-3404**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nDownload Manager\n\n**Researchers** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c070414ac7706c1f7345b025f413df56.jpg?s=32&d=mp&r=g)Brian Sans-Souci (liardom)\n\n![](https:\/\/www.gravatar.com\/avatar\/5a1c57ff7dc66a0d8702f856ceb355fd.jpg?s=32&d=mp&r=g)the sneaky squirrel\n\nMore Details ><\/p>\n

#### Eventin <= 4.0.25 - Authenticated (Contributor+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39584**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nEvent Manager, Events Calendar, Tickets, Registrations \u2013 Eventin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### Eximius <= 2.2 - Authenticated (Subscriber+) Arbitrary File Upload\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-26872**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nEximius\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### I Draw <= 1.0 - Authenticated (Author+) Arbitrary File Upload\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39436**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nI Draw\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### JetReviews <= 2.3.6 - Authenticated (Contributor+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39396**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nJetReviews for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### MapSVG Lite <= 8.5.34 - Authenticated (Contributor+) Arbitrary File Upload\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32682**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nMapSVG \u2013 Vector maps, Image maps, Google Maps\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/54d48d97cbd2b84eb914943109eb7d14.jpg?s=32&d=mp&r=g)Nguy\u1ec5n Trung Ki\u00ean\n\nMore Details ><\/p>\n

#### PDF 2 Post <= 2.4.0 - Authenticated (Subscriber+) Remote Code Execution\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32583**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nPDF 2 Post\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Question Answer <= 1.2.70 - Authenticated (Subscriber+) PHP Object Injection\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32647**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nQuestion Answer\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Rating by BestWebSoft <= 1.7 - Authenticated (Subscriber+) PHP Object Injection\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39527**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nRating by BestWebSoft\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Starfish Review Generation & Marketing <= 3.1.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39533**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nStarfish Review Generation & Marketing for WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Subscribe to Unlock Lite <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39592**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nSubscribe to Unlock Lite \u2013 Opt In Content Locker Plugin for WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Team Members <= 3.4.1 - Authenticated (Contributor+) PHP Object Injection\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32686**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nTeam Members \u2013 Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/7b8cd550e860295a0dcf86632e3c79be.jpg?s=32&d=mp&r=g)Phat RiO - BlueRock\n\nMore Details ><\/p>\n

#### Testimonial Slider And Showcase Pro <= 2.1.7 - Authenticated (Subscriber+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32657**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nTestimonial Slider And Showcase Pro\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### TuriTop Booking System <= 1.0.10 - Authenticated (Subscriber+) PHP Object Injection\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32571**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nTuriTop Booking System\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-32662**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nDirectory Listings WordPress plugin \u2013 uListing\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/7b8cd550e860295a0dcf86632e3c79be.jpg?s=32&d=mp&r=g)Phat RiO - BlueRock\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Arbitrary File Upload\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39402**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) Privilege Escalation\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39405**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g)Aiden (Th\u00e1i An)\n\nMore Details ><\/p>\n

#### WPCafe <= 2.2.32 - Authenticated (Contributor+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39452**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPCafe: Food Menu, Ordering, Reservation, and Delivery Solution \u2013 All in One Place!\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### WPCOM Member <= 1.7.7 - Authenticated (Contributor+) Local File Inclusion\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39570**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWPCOM Member\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Privilege Escalation\n\n8.8\n\nCVSS Rating \n**High (8.8)**\n\nCVE-ID \n**CVE-2025-39542**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nXelion Webchat\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion\n\n8.1\n\nCVSS Rating \n**High (8.1)**\n\nCVE-ID \n**CVE-2025-3520**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAvatar\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-3103**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nCLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/9d46e040922297c1834a9af4e8278abe.jpg?s=32&d=mp&r=g)khanhhnahk1\n\nMore Details ><\/p>\n

#### Cost Calculator Builder <= 3.2.65 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39587**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nCost Calculator Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### JobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin <= 2.3.9 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-2010**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nJobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JS Job Manager <= 2.0.2 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-32626**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nJS Job Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Local Magic <= 2.6.0 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-32636**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nLocal Magic\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Modal Survey <= 2.0.2.0.1 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39471**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nmodal-survey\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Office Locator <= 1.3.0 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-32665**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nOffice Locator\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Quentn WP <= 1.2.8 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39595**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nQuentn WP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### StoreContrl Woocommerce <= 4.1.3 - Unauthenticated Arbitrary File Download\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39568**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nStoreContrl Woocommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### Super Store Finder <= 7.2 - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39445**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSuper Store Finder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/54d48d97cbd2b84eb914943109eb7d14.jpg?s=32&d=mp&r=g)Nguy\u1ec5n Trung Ki\u00ean\n\nMore Details ><\/p>\n

#### Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.10.1 - Unauthenticated Blind SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**Unknown**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nUltimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/faefcd06abcb00b4db5324b629c6424e.jpg?s=32&d=mp&r=g)Muhamad Visat\n\nMore Details ><\/p>\n

#### WP Headers And Footers <= 3.1.1 - Cross-Site Request Forgery to Arbitrary Options Update\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-2111**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nInsert Headers And Footers\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/80711f5dab8609bebef4ab99b37e869a.jpg?s=32&d=mp&r=g)Carlos Ferreira\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Unauthenticated SQL Injection\n\n7.5\n\nCVSS Rating \n**High (7.5)**\n\nCVE-ID \n**CVE-2025-39395**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g)Aiden (Th\u00e1i An)\n\nMore Details ><\/p>\n

#### Debug Log Manager <= 2.3.4 - Unauthenticated Stored Cross-Site Scripting\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-3809**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nDebug Log Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/1c6327bca62253f0bec06a3d18c37f2a.jpg?s=32&d=mp&r=g)Yassine Neggaoui (Y45NG)\n\nMore Details ><\/p>\n

#### Kadence WooCommerce Email Designer <= 1.5.14 - Authenticated (Admin+) Arbitrary File Upload\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-39557**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nKadence WooCommerce Email Designer\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Phan Trong Quan\n\nMore Details ><\/p>\n

#### MelaPress Login Security <= 2.1.0 - Authenticated (Administrator+) PHP Object Injection\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-39565**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nMelaPress Login Security\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Phan Trong Quan\n\nMore Details ><\/p>\n

#### T&P Gallery Slider <= 1.2 - Unauthenticated Stored Cross-Site Scripting\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-32527**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nT&P Gallery Slider\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-3294**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Editor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/37cc74b0e1957fee81825154abeae540.jpg?s=32&d=mp&r=g)nquangit\n\nMore Details ><\/p>\n

#### WP-Advanced-Search <= 3.3.9.3 - Authenticated (Admin+) Arbitrary File Upload\n\n7.2\n\nCVSS Rating \n**High (7.2)**\n\nCVE-ID \n**CVE-2025-39538**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWordPress WP-Advanced-Search\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Editor Wysiwyg Background Color <= 1.0 - Missing Authorization\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-23958**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nEditor Wysiwyg Background Color\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### KiotViet Sync <= 1.8.3 - Authenticated (Subscriber+) SQL Injection\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-32573**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nKiotViet Sync\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-39586**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nProfileGrid \u2013 User Profiles, Groups and Communities\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Sign-up Sheets <= 2.3.0.1 - Unauthenticated Arbitrary Shortcode Execution\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-26996**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nSign-up Sheets\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Phan Trong Quan\n\nMore Details ><\/p>\n

#### Taskbuilder <= 4.0.1 - Authenticated (Subscriber+) SQL Injection\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-39569**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nTaskbuilder \u2013 WordPress Project & Task Management plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### WP Tools <= 5.18 - Cross-Site Request Forgery to Arbitrary File Renaming\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-39544**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)chuck\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) SQL Injection\n\n6.5\n\nCVSS Rating \n**Medium (6.5)**\n\nCVE-ID \n**CVE-2025-39403**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g)Aiden (Th\u00e1i An)\n\nMore Details ><\/p>\n

#### Asgaros Forum <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39514**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nAsgaros Forum\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Attendance Manager <= 0.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39515**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nAttendance Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Author WIP Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39516**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nAuthor WIP Progress Bar\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Betheme <= 28.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3077**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nBetheme\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/ef74f4dbe7907a62f177592f647c1afa.jpg?s=32&d=mp&r=g)Webbernaut\n\nMore Details ><\/p>\n

#### Checkout Files Upload for WooCommerce <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39520**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nCheckout Files Upload for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Checkout for PayPal <= 1.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39572**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nCheckout for PayPal\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Church Admin <= 5.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39555**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nChurch Admin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/4c2bd6964b38518385c4e8d1791fd762.jpg?s=32&d=mp&r=g)zaim\n\nMore Details ><\/p>\n

#### Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-1457**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nElement Pack Addons for Elementor \u2013 Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/ef74f4dbe7907a62f177592f647c1afa.jpg?s=32&d=mp&r=g)Webbernaut\n\nMore Details ><\/p>\n

#### Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39590**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nEssential Addons for Elementor \u2013 Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3615**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nFluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e4a8b174c9f284d94094cf7722e1ec31.jpg?s=32&d=mp&r=g)Asaf Mozes\n\nMore Details ><\/p>\n

#### Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit'\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3487**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nForminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e4a8b174c9f284d94094cf7722e1ec31.jpg?s=32&d=mp&r=g)Asaf Mozes\n\nMore Details ><\/p>\n

#### Html5 Audio Player <= 2.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39524**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nHTML5 Audio Player- Best WordPress Audio Player Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### JetElements For Elementor <= 2.7.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39448**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nJetElements\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetTabs <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39450**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nJetTabs for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3106**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nLA-Studio Element Kit for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/ef74f4dbe7907a62f177592f647c1afa.jpg?s=32&d=mp&r=g)Webbernaut\n\nMore Details ><\/p>\n

#### Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-2083**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nLogo Carousel Gutenberg Block\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g)Peter Thaleikis\n\nMore Details ><\/p>\n

#### Logo Carousel Slider <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39525**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nLogo Carousel Slider\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Membership For WooCommerce <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39579**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nMembership For WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/4c2bd6964b38518385c4e8d1791fd762.jpg?s=32&d=mp&r=g)zaim\n\nMore Details ><\/p>\n

#### Most And Least Read Posts Widget <= 2.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39549**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nMost And Least Read Posts Widget\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2024-13650**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nPiotnet Addons For Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/a964068aac6d7229783a0ea643877251.jpg?s=32&d=mp&r=g)zer0gh0st\n\nMore Details ><\/p>\n

#### PropertyHive <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39577**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nProperty Hive\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Rescue Shortcodes <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39528**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nRescue Shortcodes\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-2225**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nResponsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/eb428a7b41bcec038cb1bd520e1bc384.jpg?s=32&d=mp&r=g)Prissy\n\nMore Details ><\/p>\n

#### Responsive Blocks <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39578**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nResponsive Blocks \u2013 WordPress Gutenberg Blocks\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/4c2bd6964b38518385c4e8d1791fd762.jpg?s=32&d=mp&r=g)zaim\n\nMore Details ><\/p>\n

#### Royal Elementor Addons <= 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39543**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nRoyal Elementor Addons and Templates\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### SB Chart block <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3661**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nSB Chart block\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g)Peter Thaleikis\n\nMore Details ><\/p>\n

#### Scriptless Social Sharing <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39529**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nScriptless Social Sharing\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-3275**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nThemesflat Addons For Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/ef74f4dbe7907a62f177592f647c1afa.jpg?s=32&d=mp&r=g)Webbernaut\n\nMore Details ><\/p>\n

#### Themify Shortcodes <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39581**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nThemify Shortcodes\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g)Peter Thaleikis\n\nMore Details ><\/p>\n

#### Travelfic Toolkit <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39585**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nTourfic Toolkit\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### Uix Shortcodes <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39574**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nUix Shortcodes\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-2314**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nUser Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### WP Data Access <= 5.5.36 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39582**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Data Access \u2013 App, Table, Form, Chart & Map Builder plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g)Peter Thaleikis\n\nMore Details ><\/p>\n

#### WP Flipclock <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39540**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Flipclock\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### WP Posts Carousel <= 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39573**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Posts Carousel\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### WPAdverts <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39576**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWPAdverts \u2013 Classifieds Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### WPCasa <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting\n\n6.4\n\nCVSS Rating \n**Medium (6.4)**\n\nCVE-ID \n**CVE-2025-39575**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWPCasa\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Add to Header <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39423**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAdd to Header\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### AdminQuickbar <= 1.9.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39464**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAdminQuickbar\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g)Dimas Maulana\n\nMore Details ><\/p>\n

#### All push notification for WP <= 1.5.3 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32546**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nAll push notification for WP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Amazon Showcase WordPress Plugin <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39431**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAmazon Showcase WordPress Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Arigato Autoresponder and Newsletter <= 2.7.2.4 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39594**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nArigato Autoresponder and Newsletter\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Booster Plus for WooCommerce <= 7.2.4 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39446**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBooster Plus for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Broken Links Remover <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39440**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBroken Links Remover\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### BruteGuard \u2013 Brute Force Login Protection <= 0.1.4 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39408**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBruteGuard \u2013 Brute Force Login Protection\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Bulk Page Stub Creator <= 1.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39519**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBulk Page Stub Creator\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2024-13452**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nContact Form by Supsystic\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b20f9553188fa04cbd937e5df1e718af.jpg?s=32&d=mp&r=g)Tim Coen\n\nMore Details ><\/p>\n

#### Contact Form vCard Generator <= 2.4 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39521**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nContact Form vCard Generator\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-3598**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nCoupon Affiliates \u2013 Affiliate Plugin for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/14c9ac0f163cbf6d8b0f77fce5836577.jpg?s=32&d=mp&r=g)wesley (wcraft)\n\nMore Details ><\/p>\n

#### Course Booking System <= 6.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32508**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nCourse Booking System\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### CRM Perks <= 1.1.7 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39558**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nCRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### CRUDLab Scroll to Top <= 1.0.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-22774**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nCRUDLab Scroll to Top\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### Dashboard Notepads <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39441**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nDashboard Notepads\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Event Espresso \u2013 Custom Email Template Shortcode <= 1.0.0 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32507**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nEvent Espresso \u2013 Custom Email Template Shortcode\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### Fast eBay Listings <= 2.12.15 - Open Redirect\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39597**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nFast eBay Listings\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Feedify \u2013 Web Push Notifications <= 2.4.5 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32540**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nFeedify \u2013 Web Push Notifications\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### GoodBarber <= 1.0.26 - Open Redirect\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39523**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nGoodBarber\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/385d41daf781fbf4dbac2a1ff894d7fc.jpg?s=32&d=mp&r=g)Le Ngoc Anh\n\nMore Details ><\/p>\n

#### Hive Support <= 1.2.2 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32666**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nHive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Internal Link Optimiser <= 5.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39547**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWordPress Internal Link Optimiser\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### KiotViet Sync <= 1.8.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39381**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nKiotViet Sync\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Landing Page Cat <= 1.7.8 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-26992**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nLanding Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Listdom <= 4.0.0 - Open Redirect\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39599**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nListdom \u2013 Business Directory and Classified Ads Listings WordPress Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Memberpress <= 1.11.37 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39407**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nMemberpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### MemberPress Discord Addon <= 1.1.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32605**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nSell access, Automate, and add Engaging Exclusive Discord Access: Introducing the MemberPress Discord Addon \u2014 Elevate Your Community!\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Modal Survey <= 2.0.2.0.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39469**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nmodal-survey\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### Movylo Marketing Automation <= 2.0.7 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32608**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nMovylo Marketing Automation\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### My Marginalia <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39435**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nMy Marginalia\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Nomupay Payment Processing Gateway <= 7.1.6 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32513**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nTotal processing card payments for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### OTP-less one tap Sign in <= 2.0.58 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32622**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nOTP-less one tap Sign in\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Revision Diet <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39419**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nRevision Diet\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Right Click Disable OR Ban <= 1.1.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39548**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nRight Click Disable OR Ban\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### RSS Manager <= 0.06 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39418**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nRSS Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.6 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32634**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nRun Contests, Raffles, and Giveaways with ContestsWP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/585bd77d4bbe100a43b04223fd09a74f.jpg?s=32&d=mp&r=g)Jo\u00e3o Pedro Soares de Alc\u00e2ntara\n\nMore Details ><\/p>\n

#### Sassy Social Share <= 3.3.73 - Open Redirect\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39404**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSocial Sharing Plugin \u2013 Sassy Social Share\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Affan Ali\n\nMore Details ><\/p>\n

#### ShopApper <= 0.4.39 - Unauthenticated Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32638**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nShopApper: Mobile App for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### Site Search 360 <= 2.1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39530**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nSite Search 360\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Social Media Links <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39415**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSocial Media Links\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### spam-stopper <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39414**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nspam-stopper\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### TableOn \u2013 WordPress Posts Table Filterable <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32592**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nTableOn \u2013 WordPress Posts Table Filterable \n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Abdi Pranata\n\nMore Details ><\/p>\n

#### Tourmaster < 5.4.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32923**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nTour Master - Tour Booking, Travel, Hotel\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### translit it! <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39416**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \ntranslit it!\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Verowa Connect <= 3.0.4 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32609**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nVerowa Connect\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Web Directory Free <= 1.7.8 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39567**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWeb Directory Free\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### WooMS <= 9.12 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32602**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nWooMS\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### WordPress Video Robot – The Ultimate Video Importer <= 1.20.0 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39409**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWordPress Video Robot - The Ultimate Video Importer\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Bonds\n\nMore Details ><\/p>\n

#### WP Donate <= 2.0 - Unauthenticated Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32637**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nWP Donate\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### WP_DEBUG Toggle <= 1.1 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-32561**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nWP_DEBUG Toggle\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c14731a0f8a0d24cbda30f561fc03441.jpg?s=32&d=mp&r=g)SOPROBRO\n\nMore Details ><\/p>\n

#### WPAMS <= 44.0 (17-08-2023) - Unauthenticated Stored Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-39392**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWPAMS - Apartment Management System for wordpress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/11dfabc58a06f06c9123a7e17a41cecb.jpg?s=32&d=mp&r=g)Aiden (Th\u00e1i An)\n\nMore Details ><\/p>\n

#### ZooEffect <= 1.11 - Reflected Cross-Site Scripting\n\n6.1\n\nCVSS Rating \n**Medium (6.1)**\n\nCVE-ID \n**CVE-2025-26954**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio \/ music \/ podcast \u2013 HTML5\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f1b68a12f61846b7fbcd7f1338106a1f.jpg?s=32&d=mp&r=g)Dimas Maulana\n\nMore Details ><\/p>\n

#### Gravity Forms CSS Themes with Fontawesome and Placeholders <= 8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting\n\n5.5\n\nCVSS Rating \n**Medium (5.5)**\n\nCVE-ID \n**CVE-2025-39428**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nGravity Forms CSS Themes with Fontawesome and Placeholders\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload\n\n5.4\n\nCVSS Rating \n**Medium (5.4)**\n\nCVE-ID \n**CVE-2025-3056**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nDownload Manager\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/4c8e47602daa5f66a49fdf2c7555c730.jpg?s=32&d=mp&r=g)siavashvafshar\n\nMore Details ><\/p>\n

#### Target Video Easy Publish <= 3.8.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution\n\n5.4\n\nCVSS Rating \n**Medium (5.4)**\n\nCVE-ID \n**CVE-2025-32688**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nTarget Video Easy Publish\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Phan Trong Quan\n\nMore Details ><\/p>\n

#### ActiveDEMAND <= 0.2.46 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39513**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nActiveDEMAND\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### AI Text to Speech <= 3.0.3 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39554**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAI Text to Speech \u2013 TTS Plugin For WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### AnalyticsWP <= 2.0.0 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39388**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nAnalyticsWP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### AnalyticsWP <= 2.1.2 - Unauthenticated Sensitive Information Exposure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39394**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nAnalyticsWP\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Booking and Rental Manager <= 2.2.8 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39457**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBooking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Booking and Rental Manager <= 2.3.8 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39390**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nBooking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)LVT-tholv2k\n\nMore Details ><\/p>\n

#### Church Admin <= 5.0.9 - Unauthenticated Information Disclosure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39553**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nChurch Admin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### Cloak Front End Email <= 1.9.5 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26968**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nCloak Front End Email\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/97a1f88460217867f45b925b3af1bb6a.jpg?s=32&d=mp&r=g)muhammad yudha\n\nMore Details ><\/p>\n

#### Contact Form 7 <= 6.0.5 - Order Replay Vulnerability\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-3247**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nContact Form 7\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e4a8b174c9f284d94094cf7722e1ec31.jpg?s=32&d=mp&r=g)Asaf Mozes\n\nMore Details ><\/p>\n

#### Dashi <= 3.1.8 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39580**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nDashi\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### Eduma <= 5.6.4 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39460**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nEduma\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### Forminator <= 1.42.0 - Order Replay Vulnerability\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-3479**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nForminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e4a8b174c9f284d94094cf7722e1ec31.jpg?s=32&d=mp&r=g)Asaf Mozes\n\nMore Details ><\/p>\n

#### Grand Restaurant WordPress <= 7.0 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39353**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nGrand Restaurant WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### Hive Support <= 1.2.2 - Unauthenticated Sensitive Information Exposure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-32635**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nHive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetBlocks For Elementor <= 1.3.16 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39451**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nJetBlocks for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetBlog <= 2.4.3 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26958**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nJetBlog for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetElements For Elementor <= 2.7.4.1 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39447**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nJetElements\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetMenu <= 2.4.9 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26953**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nJetMenu for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetPopup <= 2.0.11 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26944**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nJetPopup\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetTricks <= 1.5.1 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26942**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nJetTricks for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### JetWooBuilder <= 2.1.18 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39449**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nJetWooBuilder for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### Macro Calculator with Admin Email Optin & Data <= 1.0 - Unauthenticated Information Disclosure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-26730**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nMacro Calculator with Admin Email Optin & Data\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Deltree\n\nMore Details ><\/p>\n

#### Mediavine Control Panel <= 2.10.6 - Unauthenticated Information Exposure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39556**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nMediavine Control Panel\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/54d48d97cbd2b84eb914943109eb7d14.jpg?s=32&d=mp&r=g)Nguy\u1ec5n Trung Ki\u00ean\n\nMore Details ><\/p>\n

#### Password Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-3453**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nPassword Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category and more\n\n**Researchers** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c070414ac7706c1f7345b025f413df56.jpg?s=32&d=mp&r=g)Brian Sans-Souci (liardom)\n\n![](https:\/\/www.gravatar.com\/avatar\/5a1c57ff7dc66a0d8702f856ceb355fd.jpg?s=32&d=mp&r=g)the sneaky squirrel\n\nMore Details ><\/p>\n

#### Unlimited Timeline < 1.6.1 - Missing Authorization\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-27008**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nUnlimited Timeline\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Tran Nguyen Bao Khanh\n\nMore Details ><\/p>\n

#### WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-3104**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nWP STAGING Pro WordPress Backup Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/d30e6a858b269fc0c2ddccf3c3327313.jpg?s=32&d=mp&r=g)haidv35\n\nMore Details ><\/p>\n

#### wpLike2Get <= 1.2.9 - Unauthenticated Information Exposure\n\n5.3\n\nCVSS Rating \n**Medium (5.3)**\n\nCVE-ID \n**CVE-2025-39439**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nwpLike2Get\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/dfc42784669accf02da36cb658a6a355.jpg?s=32&d=mp&r=g)ch4r0n\n\nMore Details ><\/p>\n

#### BMA Lite <= 1.4.2 - Authenticated (Administrator+) SQL Injection\n\n4.9\n\nCVSS Rating \n**Medium (4.9)**\n\nCVE-ID \n**CVE-2025-39518**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nBMA Lite \u2013 Appointment Booking and Scheduling Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Pham Van Phuoc\n\nMore Details ><\/p>\n

#### Hostel <= 1.1.5.6 - Authenticated (Administrator+) SQL Injection\n\n4.9\n\nCVSS Rating \n**Medium (4.9)**\n\nCVE-ID \n**CVE-2025-39566**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nHostel\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll <= 2.4.6 - Authenticated (Administrator+) SQL Injection via 's' Parameter\n\n4.9\n\nCVSS Rating \n**Medium (4.9)**\n\nCVE-ID \n**CVE-2025-3470**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nTS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/4f335379e6c22b34c96df34218ac155f.jpg?s=32&d=mp&r=g)broccoli\n\nMore Details ><\/p>\n

#### WP Editor <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read\n\n4.9\n\nCVSS Rating \n**Medium (4.9)**\n\nCVE-ID \n**CVE-2025-3295**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Editor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/37cc74b0e1957fee81825154abeae540.jpg?s=32&d=mp&r=g)nquangit\n\nMore Details ><\/p>\n

#### Login Manager \u2013 Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL\n\n4.4\n\nCVSS Rating \n**Medium (4.4)**\n\nCVE-ID \n**CVE-2025-2613**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nLogin Manager \u2013 Design Login Page, View Login Activity, Limit Login Attempts\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/7d4a68019ac73014fd7a41bf4de262d6.jpg?s=32&d=mp&r=g)Arshid KV\n\nMore Details ><\/p>\n

#### MaxButtons <= 9.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting\n\n4.4\n\nCVSS Rating \n**Medium (4.4)**\n\nCVE-ID \n**CVE-2025-39444**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWordPress Button Plugin MaxButtons\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/697aca1b58dce62b53c47e23b571f54c.jpg?s=32&d=mp&r=g)ayato\n\nMore Details ><\/p>\n

#### Payment Form for PayPal Pro <= 1.1.72 - Authenticated (Administrator+) Stored Cross-Site Scripting\n\n4.4\n\nCVSS Rating \n**Medium (4.4)**\n\nCVE-ID \n**CVE-2025-39562**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nPayment Form for PayPal Pro\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Doan Dinh Van\n\nMore Details ><\/p>\n

#### WP Post to PDF Enhanced <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting\n\n4.4\n\nCVSS Rating \n**Medium (4.4)**\n\nCVE-ID \n**CVE-2025-39427**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWP Post to PDF Enhanced\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Advanced Dynamic Pricing for WooCommerce <= 4.9.3 - Cross-Site Request Forgery to Settings Update\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39453**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAdvanced Dynamic Pricing for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c36a7211a54c34d3d52be3b1bd8d253e.jpg?s=32&d=mp&r=g)lucky_buddy\n\nMore Details ><\/p>\n

#### Advanced Google Maps <= 5.8.4 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39465**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nwp-google-map-gold\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/54d48d97cbd2b84eb914943109eb7d14.jpg?s=32&d=mp&r=g)Nguy\u1ec5n Trung Ki\u00ean\n\nMore Details ><\/p>\n

#### Anthologize <= 0.8.3 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39437**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAnthologize\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Avatar <= 0.1.4 - Authenticated (Subscriber+) Insecure Direct Object Reference\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39434**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nAvatar\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Barcode Generator for WooCommerce <= 2.0.4 - Authenticated (Subscriber+) Arbitrary Content Deletion\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-32929**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nBarcode Generator for WooCommerce \u2013 Show barcodes on products, orders, invoices and other pages\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### Basic Interactive World Map <= 2.7 - Cross-Site Request Forgery to Settings Update\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39517**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nBasic Interactive World Map\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### bbPress2 shortcode whitelist <= 2.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39432**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nbbPress2 shortcode whitelist\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### BERTHA AI <= 1.12.10.2 - Authenticated (Subscriber+) Arbitrary Content Deletion\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39583**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBERTHA AI. Your AI co-pilot for WordPress and Chrome\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/01dce303f1fab51371215f21992679d9.jpg?s=32&d=mp&r=g)theviper17y\n\nMore Details ><\/p>\n

#### Bknewsticker <= 1.0.5 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39433**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nBknewsticker\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Bring Fraktguiden for WooCommerce <= 1.11.4 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39559**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nBring Fraktguiden for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Bulk Term Editor <= 1.1.4 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39512**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nBulk Term Editor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Skalucy\n\nMore Details ><\/p>\n

#### Conditional Payments for WooCommerce <= 3.3.0 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39563**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nConditional Payments for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c36a7211a54c34d3d52be3b1bd8d253e.jpg?s=32&d=mp&r=g)lucky_buddy\n\nMore Details ><\/p>\n

#### Conditional Shipping for WooCommerce <= 3.4.0 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39564**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nConditional Shipping for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c36a7211a54c34d3d52be3b1bd8d253e.jpg?s=32&d=mp&r=g)lucky_buddy\n\nMore Details ><\/p>\n

#### Dynamic Post <= 4.10 - Missing Authorization to Authenticated (Subscriber+) Settings Update\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39522**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nDynamic Post\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### ElementsReady Addons for Elementor <= 6.6.2 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39546**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nElementsReady Addons for Elementor\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Information Disclosure\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39589**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nEssential Addons for Elementor \u2013 Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/f894d5600bcba5e947d6dde37a3cec1b.jpg?s=32&d=mp&r=g)stealthcopter\n\nMore Details ><\/p>\n

#### Ever Accounting <= 2.1.5 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39593**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nEver Accounting \u2013 WordPress Accounting and Invoice Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Skalucy\n\nMore Details ><\/p>\n

#### FS Poster <= 6.5.8 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-30960**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 15, 2025**\n\n**Affected Software** \nFS Poster - WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Rafie Muhammad\n\nMore Details ><\/p>\n

#### Grand Restaurant WordPress <= 7.0 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39351**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nGrand Restaurant WordPress\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### illow \u2013 Cookies Consent <= 0.2.0 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39426**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nillow \u2013 Cookies Consent\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Skalucy\n\nMore Details ><\/p>\n

#### Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39600**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nIntegration for WooCommerce and QuickBooks\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### IP2Location Variables <= 2.9.5 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39455**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nIP2Location Variables\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/c14731a0f8a0d24cbda30f561fc03441.jpg?s=32&d=mp&r=g)SOPROBRO\n\nMore Details ><\/p>\n

#### Live Forms <= 4.8.4 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39560**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nContact Form, Drag and Drop Form Builder Plugin \u2013 Live Forms\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

#### Master Slider <= 3.10.7 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39412**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nMaster Slider \u2013 Responsive Touch Slider\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### mLanguage <= 1.6.1 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39430**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nmLanguage\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### My auctions allegro <= 3.6.20 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-27009**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nMy auctions allegro\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Name Directory <= 1.30.0 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39454**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nName Directory\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### Review Wave \u2013 Google Places Reviews <= 1.4.7 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39442**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nReview Wave \u2013 Google Places Reviews\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Simple Maps <= 0.98 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39424**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSimple Maps\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Simple Sitemap \u2013 Create a Responsive HTML Sitemap <= 3.5.14 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39413**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nSimple Sitemap \u2013 Create a Responsive HTML Sitemap\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### Sirat <= 1.5.1 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39385**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nSirat\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/258c774aecd81b7d1fa67abf3b576b33.jpg?s=32&d=mp&r=g)Peter Thaleikis\n\nMore Details ><\/p>\n

#### Style Manager <= 2.2.7 - Cross-Site Request Forgery to Settings Update\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39425**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nStyle Manager \u2013 Auto-magical system to style your entire WordPress site\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Theme Changer <= 1.3 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39438**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nTheme Changer\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/dfc42784669accf02da36cb658a6a355.jpg?s=32&d=mp&r=g)ch4r0n\n\nMore Details ><\/p>\n

#### User Registration & Membership PRO \u2013 Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-3284**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 18, 2025**\n\n**Affected Software** \nUser Registration PRO \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/14c9ac0f163cbf6d8b0f77fce5836577.jpg?s=32&d=mp&r=g)wesley (wcraft)\n\nMore Details ><\/p>\n

#### Verge3D <= 4.9.0 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39443**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nVerge3D Publishing and E-Commerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/86a1429aeb8e473ec62cf8dd3d4e4571.jpg?s=32&d=mp&r=g)Nabil Irawan\n\nMore Details ><\/p>\n

#### Vitepos <= 3.1.7 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39535**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nVitepos \u2013 Point of sale (POS) plugin for WooCommerce\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### WooCommerce Products without featured images <= 0.1 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-32545**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 14, 2025**\n\n**Affected Software** \nWooCommerce Products without featured images\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/2a1b4c1c638eb4f66b0677e71058a830.jpg?s=32&d=mp&r=g)0xd4rk5id3\n\nMore Details ><\/p>\n

#### WooCommerce Social Login <= 2.8.2 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39472**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWooCommerce - Social Login\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)Ananda Dhakal\n\nMore Details ><\/p>\n

#### WordPress REST API Authentication <= 3.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39545**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWordPress REST API Authentication\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)chuck\n\nMore Details ><\/p>\n

#### WowStore <= 4.2.4 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39571**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWooCommerce Builder & Gutenberg WooCommerce Blocks \u2013 WowStore\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/00000000000000000000000000000000.jpg?s=32&d=mp&r=g)astra.r3verii\n\nMore Details ><\/p>\n

#### WP Logger <= 2.2 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39456**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWP Logger\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/b5bd58d8a8029c69877dc8a75d7889fd.jpg?s=32&d=mp&r=g)K\u00e9vin Mosbahi (Mika)\n\nMore Details ><\/p>\n

#### WP Simple Booking Calendar <= 2.0.13 - Missing Authorization\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39541**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nWP Simple Booking Calendar\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/15c7bc3e71963fdd7c656346bcf8b159.jpg?s=32&d=mp&r=g)Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)\n\nMore Details ><\/p>\n

#### WP Social Bookmarking <= 3.6 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39422**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWP Social Bookmarking\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### WP Sticky Side Buttons <= 2.1 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39421**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWP Sticky Side Buttons\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### WP Twitter Button <= 1.4.1 - Cross-Site Request Forgery\n\n4.3\n\nCVSS Rating \n**Medium (4.3)**\n\nCVE-ID \n**CVE-2025-39420**\n\nPatch Status \n**Unpatched**\n\nPublished \n**Apr 17, 2025**\n\n**Affected Software** \nWP Twitter Button\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/343456e443c863409724aa97bcfa6e3e.jpg?s=32&d=mp&r=g)johska\n\nMore Details ><\/p>\n

#### Administrator Z <= 2025.03.28 - Authenticated (Admin+) Directory Traversal\n\n2.7\n\nCVSS Rating \n**Low (2.7)**\n\nCVE-ID \n**CVE-2025-39598**\n\nPatch Status \n**Patched**\n\nPublished \n**Apr 16, 2025**\n\n**Affected Software** \nAdministrator Z\n\n**Researcher** \n\n\n![](https:\/\/www.gravatar.com\/avatar\/e37bf2a629b6924efb95f289b0a7f7e4.jpg?s=32&d=mp&r=g)Nguyen Xuan Chien\n\nMore Details ><\/p>\n

* * *<\/p>\n

_As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence._<\/p>\n

This database is continuously updated, maintained, and populated by Wordfence\u2019s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.<\/p>\n

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.<\/p>\n

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 14, 2025 to April 20, 2025) appeared first on Wordfence.\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n10.0<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n