| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-39201 | A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthe... | | |
| CVE-2025-39202 | A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authen... | | |
| CVE-2025-39203 | A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted m... | | |
| CVE-2025-39204 | A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query ... | | |
| CVE-2025-39205 | A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation o... | | |
| CVE-2025-39240 | Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to... | | |
| CVE-2025-39348 | WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability | | |
| CVE-2025-39349 | WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability | | |
| CVE-2025-39350 | WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability | S | |
| CVE-2025-39351 | WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39352 | WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability | | |
| CVE-2025-39353 | WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability | | |
| CVE-2025-39354 | WordPress Grand Conference theme <= 5.2 - PHP Object Injection vulnerability | | |
| CVE-2025-39355 | WordPress FAT Services Booking plugin <= 5.6 - SQL Injection vulnerability | | |
| CVE-2025-39356 | WordPress Foodbakery Sticky Cart plugin <= 3.2 - PHP Object Injection vulnerability | | |
| CVE-2025-39357 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability | | |
| CVE-2025-39358 | WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability | S | |
| CVE-2025-39359 | WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability | | |
| CVE-2025-39360 | WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability | | |
| CVE-2025-39361 | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39362 | WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability | | |
| CVE-2025-39363 | WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39364 | WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability | S | |
| CVE-2025-39365 | WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39366 | WordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerability | S | |
| CVE-2025-39367 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability | S | |
| CVE-2025-39368 | WordPress Rootspersona plugin <= 3.7.5 - Broken Access Control vulnerability | | |
| CVE-2025-39369 | WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39370 | WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability | | |
| CVE-2025-39371 | WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39372 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39373 | WordPress JNews theme <= 11.6.5 - Broken Access Control vulnerability | | |
| CVE-2025-39374 | WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39375 | WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39376 | WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability | | |
| CVE-2025-39377 | WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability | | |
| CVE-2025-39378 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnerability | | |
| CVE-2025-39379 | WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability | | |
| CVE-2025-39380 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability | | |
| CVE-2025-39381 | WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39382 | WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39383 | WordPress Xews Lite plugin <= 1.0.9 - Local File Inclusion vulnerability | | |
| CVE-2025-39384 | WordPress Product Lister for eBay plugin <= 2.0.9 - Local File Inclusion vulnerability | | |
| CVE-2025-39385 | WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability | | |
| CVE-2025-39386 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability | | |
| CVE-2025-39387 | WordPress Opstore theme <= 1.4.5 - Local File Inclusion vulnerability | | |
| CVE-2025-39388 | WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability | | |
| CVE-2025-39389 | WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability | S | |
| CVE-2025-39390 | WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability | | |
| CVE-2025-39391 | WordPress Checkout Field Visibility for WooCommerce plugin <= 1.2.3 - Local File Inclusion vulnerability | | |
| CVE-2025-39392 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39393 | WordPress Hospital Management System plugin <= 47.0 (20-11-2023) - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39394 | WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability | | |
| CVE-2025-39395 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability | | |
| CVE-2025-39396 | WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability | S | |
| CVE-2025-39397 | WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39398 | WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue theme <= 4.2.2 - Broken Access Control vulnerability | | |
| CVE-2025-39399 | WordPress License For Envato plugin <= 1.0.0 - Local File Inclusion vulnerability | | |
| CVE-2025-39400 | WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39401 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability | | |
| CVE-2025-39402 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability | | |
| CVE-2025-39403 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability | | |
| CVE-2025-39404 | WordPress Sassy Social Share plugin <= 3.3.73 - Open Redirection vulnerability | S | |
| CVE-2025-39405 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Privilege Escalation vulnerability | | |
| CVE-2025-39406 | WordPress WPAMS plugin <= 44.0 - Local File Inclusion to Privilege Escalation vulnerability | | |
| CVE-2025-39407 | WordPress Memberpress plugin < 1.12.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39408 | WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39409 | WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39410 | WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability | | |
| CVE-2025-39411 | WordPress WhatsApp Click to Chat Plugin for WordPress plugin <= 2.2.12 - Local File Inclusion vulnerability | | |
| CVE-2025-39412 | WordPress Master Slider plugin <= 3.10.8 - Broken Access Control vulnerability | | |
| CVE-2025-39413 | WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.14 - Broken Access Control vulnerability | | |
| CVE-2025-39414 | WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39415 | WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39416 | WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39417 | WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39418 | WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39419 | WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39420 | WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39421 | WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39422 | WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39423 | WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability | | |
| CVE-2025-39424 | WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability | | |
| CVE-2025-39425 | WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
| CVE-2025-39426 | WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39427 | WordPress WP Post to PDF Enhanced plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39428 | WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39429 | WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability | | |
| CVE-2025-39430 | WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39431 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability | | |
| CVE-2025-39432 | WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability | | |
| CVE-2025-39433 | WordPress Bknewsticker plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39434 | WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability | | |
| CVE-2025-39435 | WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39436 | WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability | | |
| CVE-2025-39437 | WordPress Anthologize plugin <= 0.8.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39438 | WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39439 | WordPress wpLike2Get plugin <= 1.2.9 - Sensitive Data Exposure vulnerability | | |
| CVE-2025-39440 | WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39441 | WordPress Dashboard Notepads plugin <= 1.2.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-39442 | WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-39443 | WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-39444 | WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39445 | WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability | S | |
| CVE-2025-39446 | WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39447 | WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability | S | |
| CVE-2025-39448 | WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39449 | WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability | S | |
| CVE-2025-39450 | WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39451 | WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability | S | |
| CVE-2025-39452 | WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability | S | |
| CVE-2025-39453 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | S | |
| CVE-2025-39454 | WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability | S | |
| CVE-2025-39455 | WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39456 | WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability | S | |
| CVE-2025-39457 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability | S | |
| CVE-2025-39458 | WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability | S | |
| CVE-2025-39459 | WordPress Real Estate 7 theme <= 3.5.2 - Privilege Escalation vulnerability | S | |
| CVE-2025-39460 | WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability | S | |
| CVE-2025-39461 | WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability | S | |
| CVE-2025-39462 | WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability | S | |
| CVE-2025-39464 | WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39469 | WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39470 | WordPress Ivy School <= 1.6.0 - Local File Inclusion Vulnerability | S | |
| CVE-2025-39471 | WordPress Modal Survey plugin <= 2.0.2.0.1 - SQL Injection vulnerability | | |
| CVE-2025-39472 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-39473 | WordPress Seofy Core <= 1.4.5 - Local File Inclusion Vulnerability | | |
| CVE-2025-39474 | WordPress Amely theme <= 3.1.4 - SQL Injection vulnerability | S | |
| CVE-2025-39475 | WordPress Arlo <= 6.0.3 - Local File Inclusion Vulnerability | | |
| CVE-2025-39476 | WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability | | |
| CVE-2025-39478 | WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39479 | WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability | | |
| CVE-2025-39480 | WordPress Car Dealer <= 1.6.6 - PHP Object Injection Vulnerability | | |
| CVE-2025-39481 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - SQL Injection vulnerability | | |
| CVE-2025-39482 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - Broken Access Control vulnerability | | |
| CVE-2025-39485 | WordPress GrandTour Theme <= 5.5.1 - PHP Object Injection vulnerability | | |
| CVE-2025-39486 | WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability | S | |
| CVE-2025-39487 | WordPress Rankie plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39488 | WordPress MagOne theme <= 8.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39489 | WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability | | |
| CVE-2025-39490 | WordPress Backpack Traveler <= 2.7 - Local File Inclusion Vulnerability | | |
| CVE-2025-39491 | WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability | | |
| CVE-2025-39492 | WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability | | |
| CVE-2025-39493 | WordPress Rankie <= 1.8.0 - Broken Access Control Vulnerability | | |
| CVE-2025-39494 | WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability | S | |
| CVE-2025-39495 | WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability | | |
| CVE-2025-39498 | WordPress Spotlight - Social Media Feeds (Premium) plugin <= 1.7.1 - Sensitive Data Exposure vulnerability | S | |
| CVE-2025-39499 | WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability | S | |
| CVE-2025-39500 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability | | |
| CVE-2025-39501 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - SQL Injection vulnerability | | |
| CVE-2025-39502 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39503 | WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability | | |
| CVE-2025-39504 | WordPress Goodlayers Hotel plugin <= 3.1.4 - SQL Injection vulnerability | | |
| CVE-2025-39505 | WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39506 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability | | |
| CVE-2025-39507 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability | | |
| CVE-2025-39508 | WordPress Nasa Core Plugin <= 6.3.2 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39509 | WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39511 | WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability | | |
| CVE-2025-39512 | WordPress Bulk Term Editor <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-39513 | WordPress ActiveDEMAND <= 0.2.46 - Broken Access Control Vulnerability | | |
| CVE-2025-39514 | WordPress Asgaros Forum <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39515 | WordPress Attendance Manager <= 0.6.2 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39516 | WordPress Author WIP Progress Bar <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39517 | WordPress Basic Interactive World Map plugin <= 2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
| CVE-2025-39518 | WordPress BMA Lite <= 1.4.2 - SQL Injection Vulnerability | | |
| CVE-2025-39519 | WordPress Bulk Page Stub Creator plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39520 | WordPress Checkout Files Upload for WooCommerce <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39521 | WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39522 | WordPress Dynamic Post <= 4.10 - Settings Change Vulnerability | | |
| CVE-2025-39524 | WordPress Html5 Audio Player <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39525 | WordPress Logo Carousel Slider <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39526 | WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability | | |
| CVE-2025-39527 | WordPress Rating by BestWebSoft <= 1.7 - PHP Object Injection Vulnerability | | |
| CVE-2025-39528 | WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39529 | WordPress Scriptless Social Sharing <= 3.2.4 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39530 | WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
| CVE-2025-39531 | WordPress Slazzer Background Changer <= 3.14 - Broken Access Control Vulnerability | | |
| CVE-2025-39532 | WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability | | |
| CVE-2025-39533 | WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerability | | |
| CVE-2025-39535 | WordPress Vitepos <= 3.1.7 - Broken Authentication Vulnerability | | |
| CVE-2025-39536 | WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability | | |
| CVE-2025-39537 | WordPress WP JobHunt <= 7.1 - Insecure Direct Object References (IDOR) Vulnerability | | |
| CVE-2025-39538 | WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability | | |
| CVE-2025-39539 | WordPress Soho Hotel <= 4.2.5 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-39540 | WordPress WP Flipclock plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-39542 | WordPress Xelion Webchat <= 9.1.0 - Privilege Escalation Vulnerability | | |
| CVE-2025-39543 | WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39544 | WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability | S | |
| CVE-2025-39545 | WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability | S | |
| CVE-2025-39546 | WordPress ElementsReady Addons for Elementor <= 6.6.2 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-39547 | WordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerability | S | |
| CVE-2025-39548 | WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability | S | |
| CVE-2025-39549 | WordPress Most And Least Read Posts Widget <= 2.5.20 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39550 | WordPress FluentCommunity <= 1.2.15 - PHP Object Injection Vulnerability | S | |
| CVE-2025-39551 | WordPress FluentBoards <= 1.47 - PHP Object Injection Vulnerability | S | |
| CVE-2025-39552 | WordPress Zephyr Project Manager <= 3.3.200 - Broken Access Control Vulnerability | S | |
| CVE-2025-39554 | WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability | S | |
| CVE-2025-39555 | WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39556 | WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability | S | |
| CVE-2025-39557 | WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability | S | |
| CVE-2025-39558 | WordPress CRM Perks plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39559 | WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability | S | |
| CVE-2025-39560 | WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability | S | |
| CVE-2025-39562 | WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39563 | WordPress Conditional Payments for WooCommerce <= 3.3.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-39564 | WordPress Conditional Shipping for WooCommerce <= 3.4.0 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-39565 | WordPress MelaPress Login Security <= 2.1.0 - PHP Object Injection Vulnerability | S | |
| CVE-2025-39566 | WordPress Hostel <= 1.1.5.6 - SQL Injection Vulnerability | S | |
| CVE-2025-39567 | WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39568 | WordPress StoreContrl Woocommerce <= 4.1.3 - Arbitrary File Download Vulnerability | S | |
| CVE-2025-39569 | WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability | S | |
| CVE-2025-39570 | WordPress WPCOM Member <= 1.7.7 - Local File Inclusion Vulnerability | S | |
| CVE-2025-39571 | WordPress WowStore <= 4.2.4 - Broken Access Control Vulnerability | S | |
| CVE-2025-39572 | WordPress Checkout for PayPal <= 1.0.38 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39573 | WordPress WP Posts Carousel <= 1.3.10 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39574 | WordPress Uix Shortcodes <= 2.0.4 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39575 | WordPress WPCasa <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39576 | WordPress WPAdverts <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39577 | WordPress PropertyHive <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39578 | WordPress Responsive Blocks <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39579 | WordPress Membership For WooCommerce <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39580 | WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability | S | |
| CVE-2025-39581 | WordPress Themify Shortcodes <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39582 | WordPress WP Data Access <= 5.5.36 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39583 | WordPress BERTHA AI <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability | S | |
| CVE-2025-39584 | WordPress Eventin <= 4.0.25 - Local File Inclusion Vulnerability | S | |
| CVE-2025-39585 | WordPress Travelfic Toolkit <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39586 | WordPress ProfileGrid <= 5.9.4.8 - SQL Injection Vulnerability | S | |
| CVE-2025-39587 | WordPress Cost Calculator Builder <= 3.2.65 - SQL Injection Vulnerability | S | |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of untrusted data Vulnerability | S | |
| CVE-2025-39589 | WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability | S | |
| CVE-2025-39590 | WordPress Essential Addons for Elementor <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-39591 | WordPress WP Subscription Forms <= 1.2.3 - Broken Access Control Vulnerability | S | |
| CVE-2025-39592 | WordPress Subscribe to Unlock Lite <= 1.3.0 - Local File Inclusion Vulnerability | S | |
| CVE-2025-39593 | WordPress Ever Accounting <= 2.1.5 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-39594 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-39595 | WordPress Quentn WP <= 1.2.8 - SQL Injection Vulnerability | S | |
| CVE-2025-39596 | WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability | S | |
| CVE-2025-39597 | WordPress Fast eBay Listings <= 2.12.15 - Open Redirection Vulnerability | S | |
| CVE-2025-39598 | WordPress Administrator Z <= 2025.03.28 - Directory Traversal Vulnerability | S | |
| CVE-2025-39599 | WordPress Listdom <= 4.0.0 - Open Redirection Vulnerability | S | |
| CVE-2025-39600 | WordPress Integration for WooCommerce and QuickBooks <= 1.3.1 - Cross Site Request Forgery (CSRF) Vulnerability | S | |
| CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability | S | |
| CVE-2025-39602 | WordPress WooCommerce Product Table Lite plugin <= 3.9.5 - Broken Access Control vulnerability | S | |
| CVE-2025-39688 | nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() | | |
| CVE-2025-39728 | clk: samsung: Fix UBSAN panic in samsung_clk_init() | S | |
| CVE-2025-39735 | jfs: fix slab-out-of-bounds read in ea_get() | S | |
| CVE-2025-39755 | staging: gpib: Fix cb7210 pcmcia Oops | S | |
| CVE-2025-39778 | objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() | S | |
| CVE-2025-39930 | ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() | | |
| CVE-2025-39989 | x86/mce: use is_copy_from_user() to determine copy-from-user context | |