CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68601 – WordPress Five Star Restaurant Reservations plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68601
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7. • https://vdp.patchstack.com/database/Wordpress/Plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68590 – WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-68590
24 Dec 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/cf7-hubspot/vulnerability/wordpress-integration-for-contact-form-7-hubspot-plugin-1-4-2-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68584 – WordPress Vimeotheque plugin <= 2.3.5.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68584
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through <= 2.3.5.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/codeflavors-vimeo-video-post-lite/vulnerability/wordpress-vimeotheque-plugin-2-3-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68583 – WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68583
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10. • https://vdp.patchstack.com/database/Wordpress/Plugin/fast-user-switching/vulnerability/wordpress-fast-user-switching-plugin-1-4-10-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68580 – WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68580
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9. • https://vdp.patchstack.com/database/Wordpress/Plugin/advanced-classifieds-and-directory-pro/vulnerability/wordpress-advanced-classifieds-directory-pro-plugin-3-2-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68573 – WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68573
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5. • https://vdp.patchstack.com/database/Wordpress/Plugin/simple-keyword-to-link/vulnerability/wordpress-simple-keyword-to-link-plugin-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68570 – WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-68570
24 Dec 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2. • https://vdp.patchstack.com/database/Wordpress/Plugin/captivatesync-trade/vulnerability/wordpress-captivate-sync-plugin-3-2-2-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68567 – WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-68567
24 Dec 2025 — Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32. • https://vdp.patchstack.com/database/Wordpress/Plugin/my-auctions-allegro-free-edition/vulnerability/wordpress-my-auctions-allegro-plugin-3-6-32-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68565 – WordPress Twitch Player plugin <= 2.1.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-68565
24 Dec 2025 — Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3. • https://vdp.patchstack.com/database/Wordpress/Plugin/ttv-easy-embed-player/vulnerability/wordpress-twitch-player-plugin-2-1-3-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-68506 – WordPress Docket Cache plugin <= 24.07.03 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-68506
24 Dec 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03. • https://vdp.patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-03-local-file-inclusion-vulnerability? • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •