Skip to main content
CVE-2025-7045 MEDIUM This Month

The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-7040 HIGH This Month

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions(). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF PHP
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-9853 MEDIUM This Month

The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-9085 MEDIUM Monitor

The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-8360 MEDIUM This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8359 CRITICAL This Week

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-58912 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58911 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58910 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58909 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58908 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58907 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58906 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58905 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58904 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-58374 HIGH This Month

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Node.js Roo Code
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-10003 MEDIUM This Month

The UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7368 MEDIUM This Month

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-6067 MEDIUM This Month

The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext` parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-58439 HIGH This Month

ERP is a free and open source Enterprise Resource Planning tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-58375 Awaiting Data

Rejected reason: This CVE is a duplicate of another CVE. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy