Wordfence Intelligence Weekly WordPress Vulnerability Report (March 31, 2025 to April 6, 2025)


📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  


Last week, 527 vulnerabilities in 464 WordPress plugins and 19 WordPress themes were disclosed and added to the Wordfence Intelligence Vulnerability Database, and 85 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to implement layered security, in line with our overarching mission to secure WordPress with defense-in-depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we run this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 25,000 vulnerabilities and then use the webhook integration to stay on top of newly added vulnerabilities in real time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:

  • SureTriggers <= 1.0.78 – Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
  • WAF-RULE-818 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 80
Unpatched 447

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 456
High Severity 55
Critical Severity 16

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 242
Missing Authorization 124
Cross-Site Request Forgery (CSRF) 49
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 33
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 20
Exposure of Sensitive Information to an Unauthorized Actor 15
Unrestricted Upload of File with Dangerous Type 10
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 8
Deserialization of Untrusted Data 4
Authentication Bypass Using an Alternate Path or Channel 3
Authorization Bypass Through User-Controlled Key 3
Improper Control of Generation of Code (‘Code Injection’) 3
Improper Privilege Management 3
Incorrect Privilege Assignment 3
Server-Side Request Forgery (SSRF) 3
URL Redirection to Untrusted Site (‘Open Redirect’) 2
Improper Input Validation 1
Improper Restriction of XML External Entity Reference 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Kévin Mosbahi (Mika) 53
Trương Hữu Phúc (truonghuuphuc) 41
SOPROBRO 38
Abdi Pranata 25
João Pedro Soares de Alcântara 24
Peter Thaleikis 24
theviper17y 22
Nguyen Xuan Chien 22
0xd4rk5id3 22
LVT-tholv2k 20
Gab 15
Pham Van Tam 14
johska 12
muhammad yudha 12
Skalucy 9
Nabil Irawan 8
Nguyễn Trung Kiên 6
astra.r3verii 6
Tran Nguyen Bao Khanh 6
Phat RiO – BlueRock 6
Aiden (Thái An) 6
István Márton 5
mikemyers 5
stealthcopter 5
zaim 4
Foxyyy 4
Michael 4
Prissy 4
Le Ngoc Anh 4
thiennv 4
Tran Hoang Tuan Kiet 4
SavPhill (Savphill) 3
Khalid Yusuf 3
Dimas Maulana 3
Tri Doan 3
Webbernaut 3
NAWardRox 3
minhtuanact 3
kr0d 3
Khang Duong 3
timomangcut 3
Dhabaleshwar Das 3
Nguyen Khanh Hao 2
Lucio Sá 2
Tim Coen 2
Marek Mikita 2
Ngô Thiên An (ancorn_) 2
Caesar Evan Santoso 2
Robert DeVore 2
Ananda Dhakal 2
Revan Arifio 2
Avraham Shemesh 2
zer0gh0st 2
Brian Sans-Souci (liardom) 2
Webula 2
Psai 2
lucky_buddy 2
siavashvafshar 1
Alyudin Nafiie 1
Kishan Vyas 1
Malvin Valerian Gultom 1
chuck 1
20kilograma 1
Ankit Patel 1
Phan Trong Quan 1
Affan Ali 1
Abhinav Porwal 1
Manab Jyoti Dowarah 1
Hakiduck 1
Cristian Bejan (cbejan) 1
hunter85 1
Quang Bach (maysbachs) 1
Colin Xu 1
Krzysztof Zając 1
UKO 1
wesley (wcraft) 1
Bassem Essam 1
Bonds 1
Logan Cote 1
beluga 1
Joshua Chan 1
b4orvn 1
Christiaan Swiers (YouGina) 1
Tonn 1
luc 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
1 Click WordPress Migration Plugin – 100% FREE for a limited time 1-click-migration
1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes
140+ Widgets | Xpro Addons For Elementor – FREE xpro-elementor-addons
6Storage Rentals 6storage-rentals
AB Google Map Travel (AB-MAP) ab-google-map-travel
ABC Notation abc-notation
ACF City Selector acf-city-selector
ACME Divi Modules acme-divi-modules
Actionwear products sync actionwear-products-sync
ActiveCampaign – Forms, Site Tracking, Live Chat activecampaign-subscription-forms
AdMail – Multilingual Back in-Stock Notifier for WooCommerce admail
Administrator Z administrator-z
Advanced Search by My Solr Server advanced-search-by-my-solr-server
Advanced Speed Increaser advanced-speed-increaser
Advanced Typekit advanced-typekit
Advanced Woo Labels – Product Labels for WooCommerce advanced-woo-labels
Advanced WooCommerce Product Sales Reporting – Statistics & Forecast webd-woocommerce-advanced-reporting-statistics
Advanced WordPress Backgrounds advanced-backgrounds
Agency Toolkit agency-toolkit
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool
AI Content Creator – Easy ChatGPT powered article generator ai-content-creator
AI Content Pipelines: Content Engine + Analytics ai-content-pipelines
Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp
AI Search Bar open-ai-search-bar
AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator
Apimo Connector apimo
Append Content append-content
Appointify appointify
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress bookingpress-appointment-booking
Apptivo Business Site CRM apptivo-business-site
Arkhe Blocks arkhe-blocks
Arrow Custom Feed for Twitter arrow-twitter-feed
Astra Security Suite – Firewall & Malware Scan getastra
aThemes Addons for Elementor athemes-addons-for-elementor-lite
Author Bio Shortcode author-bio-shortcode
Auto Post After Image Upload auto-post-after-image-upload
Auto scroll for reading auto-scroll-for-reading
Automatic Featured Images from Videos automatic-featured-images-from-videos
Avada (Fusion) Builder fusion-builder
Awesome Event Booking awesome-event-booking
Awesome Logos awesome-logos
Awesome Support – WordPress HelpDesk & Support Plugin awesome-support
B Blocks – The ultimate block collection b-blocks
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages embedding-barcodes-into-product-pages-and-orders
Beam me up Scotty – Back to Top Button beam-me-up-scotty
Beds24 Online Booking beds24-online-booking
Behance Portfolio Manager portfolio-manager-powered-by-behance
Big Boom Directory big-boom-directory
Black Widgets For Elementor black-widgets
BlockWheels blockwheels
Blog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack blog-designer-pack
Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite
Boo Recipes boo-recipes
Booking Calendar and Notification booking-calendar-and-notification
Booster for WooCommerce woocommerce-jetpack
Botnet Attack Blocker botnet-attack-blocker
Breaking News WP breaking-news-wp
Bridge Core bridge-core
Brizy – Page Builder brizy
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links broken-link-checker-seo
BuddyPress Members Only buddypress-members-only
Bulk Fields Editor bulk-user-editor
Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™ sync-wc-google
BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section) bwd-elementor-addons
byBrick Accordion bybrick-accordion
Cache control by Cacholong cache-control-by-cacholong
Cal.com cal-com
Catch Dark Mode catch-dark-mode
Category Icon category-icon
CBX Poll cbxpoll
CF7 Spreadsheets cf7-spreadsheets
CGM Event Calendar cgm-event-calendar
Chamber Dashboard Business Directory chamber-dashboard-business-directory
Chat by Chatwee chatwee
Checklist checklist
Clearbit Reveal clearbit
Client Showcase client-showcase
Clients clients
Clockinator Lite clockify-lite
CM Header and Footer – Add custom scripts and styles to your header and footer with ease cm-header-footer-script-loader
CMP – Coming Soon & Maintenance Plugin by NiteoThemes cmp-coming-soon-maintenance
Colibri Page Builder colibri-page-builder
Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface
Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita
Contact Form vCard Generator contact-form-vcard-generator
Contempo Real Estate Core ct-real-estate-core
Content Manager Light content-manager-light
ContentBot AI Writer (ChatGPT, GPT4) content-bot
ContentMX Content Publisher contentmx-content-publisher
CookieHint WP cookiehint-wp
Countdown, Coming Soon, Maintenance – Countdown & Clock countdown-builder
Course Booking System course-booking-system
CoverManager covermanager
Cryptocurrency Widgets Pack cryptocurrency-widgets-pack
Cue by AudioTheme.com cue
Custom Content Scrollbar custom-content-scrollbar
Custom Database Applications by Caspio custom-database-applications-by-caspio
Daisycon prijsvergelijkers daisycon
DeBounce Email Validator debounce-io-email-validator
Delete Post Revision delete-post-revision
Demo Awesome demo-awesome
Design Blocks – Gutenberg Blocks collection exclusive-blocks
DethemeKit for Elementor dethemekit-for-elementor
Digihood HTML Sitemap wedesin-html-sitemap
DigiWidgets Image Editor digiwidgets-image-editor
Dima Take Action dima-take-action
Directorist AddonsKit for Elementor addonskit-for-elementor
Directory Listings WordPress plugin – uListing ulisting
Display product variations dropdown on shop page display-product-variations-dropdown-on-shop-page
DobsonDev Shortcodes dobsondev-shortcodes
Docxpresso docxpresso
Donate Me donate-me
Doppler Forms doppler-form
Drag and Drop Multiple File Upload for WooCommerce drag-and-drop-multiple-file-upload-for-woocommerce
DyaPress ERP/CRM dyapress
Easy Contact easy-contact
Easy Google Maps google-maps-easy
Easy Magazine filtr8-magazine
Easy Query – WP Query Builder easy-query
Easy WP Optimizer – Optimize DB & WordPress easy-wp-optimizer
Easy!Appointments easyappointments
Ebook Downloader ebook-downloader
Ecwid by Lightspeed Ecommerce Shopping Cart ecwid-shopping-cart
ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) css-for-elementor
ELEX WooCommerce Request a Quote elex-request-a-quote
Email Notifications for Updates wp-update-mail-notification
Embed Chessboard embed-chessboard
Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more embed-extended
Emma for WordPress emma-emarketing-plugin
Enable Media Replace enable-media-replace
Ethiopian Calendar ethiopian-calendar
Eventbee RSVP Widget eventbee-rsvp-widget
EventON – Events Calendar eventon-lite
Exit Popup Free exit-popup-free
Export All Post Meta export-all-post-meta
Extensions for Elementor extensions-for-elementor
ez-form-calculator-premium ez-form-calculator-premium
Falling Things falling-things
Fami WooCommerce Compare fami-woocommerce-compare
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor post-block
Feedbucket – Website Feedback Tool feedbucket
Flag Icons language-icons-flags-switcher
Flickr Photostream flickr-photostream
Follow Us Badges wpsite-follow-us-badges
Fonto – Custom Web Fonts Manager fonto
Fonts Manager | Custom Fonts fonts-manager-custom-fonts
Footer Contacts Bar dn-footer-contacts
Footnotes for WordPress footnotes-for-wordpress
FPW Category Thumbnails fpw-category-thumbnails
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking easync-booking
Free Woocommerce Product Table View – Woo Table Pro free-product-table-for-woocommerce
Frizzly – Social Share Buttons frizzly
Front End Users front-end-only-users
FunnelCockpit funnelcockpit
Fusion Page Builder fusion
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery simply-gallery-block
Gallery – Photo Albums Plugin easy-media-gallery
GB Gallery Slideshow gb-gallery-slideshow
GDPR Cookie Notice gdpr-cookie-notice
GetBookingsWP – Appointments Booking Calendar Plugin For WordPress get-bookings-wp
Gift Cards for WooCommerce woo-giftcards
Gift Certificate Creator gift-certificate-creator
GNUCommerce gnucommerce
Google SEO Pressor for Rich snippets google-seo-author-snippets
Gosign – Posts Slider Block gosign-posts-slider-block
Group Chat & Video Chat by AtomChat atomchat
GTM Kit – Google Tag Manager & GA4 integration gtm-kit
Gutena Kit – Gutenberg Blocks and Templates gutena-kit
Gutenify – Visual Site Builder Blocks & Site Templates. gutenify
History Log by click5 history-log-by-click5
HMH Footer Builder For Elementor hmh-footer-builder-for-elementor
HTML Forms – Simple WordPress Forms Plugin html-forms
Hyperlink Group Block hyperlink-group-block
Hypotext hypotext
Import Export Suite for CSV and XML Datafeed wp-ultimate-csv-importer
IMPress for IDX Broker idx-broker-platinum
include-file include-file
Infusionsoft Web Form JavaScript infusionsoft-web-form-javascript
Insert Headers and Footers Code – HT Script insert-headers-and-footers-script
Integration of Zoho CRM and Contact Form 7 integration-of-zoho-crm-and-contact-form-7
Jetpack Feedback Exporter jetpack-feedback-exporter
Job Board Manager job-board-manager
JobBoard Job listing plugin job-board-light
JS Job Manager js-jobs
JSON Structuring Markup json-structuring-markup
Just Post Preview Widget just-post-preview
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin kb-support
LA-Studio Element Kit for Elementor lastudio-element-kit
Labinator Content Types Duplicator labinator-content-types-duplicator
Lafka Plugin lafka-plugin
Latest Custom Post Type Updates latest-custom-post-type-updates
Leadfox for WordPress leadfox
LeadLab by wiredminds wiredminds-leadlab
LeadQuizzes leadquizzes
Leartes TRY Exchange Rates leartes-try-exchange-rates
Lexicata lexicata
Libro de Reclamaciones y Quejas libro-de-reclamaciones-y-quejas
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm v-form
Lightbox & Modal Popup WordPress Plugin – FooBox foobox-image-lightbox
Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed
Limit Max IPs Per User limit-max-ips-per-user
Link Library link-library
Local Magic local-magic
LuckyWP Table of Contents luckywp-table-of-contents
m1.DownloadList m1downloadlist
Magical Blocks – Premium Gutenberg Blocks magical-blocks
Maps for WP maps-for-wp
Marketer Addons marketer-addons
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
Material Dashboard material-dashboard
mb.YTPlayer for background videos wpmbytplayer
Media Library Assistant media-library-assistant
MediaView mediaview
mFolio Lite mfolio-lite
Minimalistic Event Manager minimalistic-event-manager
Mobile App Canvas – Convert your Website Into an App for iOS and Android mobile-app
Modula Image Gallery modula-best-grid-gallery
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar mp3-music-player-by-sonaar
Multi Days Events and Multi Events in One Day Calendar dragon-calendar-free-version
MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy dc-woocommerce-multi-vendor
Musician’s Pack for Elementor – Music Website Widgets & Templates music-pack-for-elementor
MX Time Zone Clocks mx-time-zone-clocks
My auctions allegro my-auctions-allegro-free-edition
MyBookProgress by Stormhill Media mybookprogress
NanoSupport — Support Ticketing & Knowledgebase for WordPress nanosupport
Nemesis All-in-One | Newspaper Builder Elementor Extention nemesis-all-in-one
News Element Elementor Blog Magazine news-element
News Kit Elementor Addons news-kit-elementor-addons
News, Magazine and Blog Elements news-magazine-and-blog-elements
Next-Cart Store to WooCommerce Migration nextcart-woocommerce-migration
Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods
Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry
Norse Rune Oracle Plugin norse-runes-oracle
Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme gp-notification-bar
Nova Blocks by Pixelgrade nova-blocks
Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita
onOffice for WP-Websites onoffice-for-wp-websites
Opal Portfolio opal-portfolios
OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc
OpenMenu – The official plugin for OpenMenu open-menu
Oracle Cards Lite oracle-cards
Order Splitter for WooCommerce woo-order-splitter
OSM – OpenStreetMap osm
OwnerRez ownerrez
Pages Order pages-order
Pay with Contact Form 7 pay-with-contact-form-7
Payday payday
pCloud Backup pcloud-backup
PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder
PeproDev CF7 Database pepro-cf7-database
Perfect Font Awesome Integration perfect-font-awesome-integration
PhotoShelter for Photographers Blog Feed Plugin photoshelter-official-plugin
Pin Generator pin-generator
Piotnet Addons For Elementor piotnet-addons-for-elementor
Piotnet Forms piotnetforms
Planyo online reservation system planyo-online-reservation-system
Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet
Popular Brand Icons – Simple Icons simple-icons
Post Custom Templates Lite post-custom-templates-lite
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) buddyforms
Posten – Gutenberg Post Block posten-post-blocks
PostmarkApp Email Integrator postmarkapp-email-integrator
Posts Footer Manager intelly-posts-footer-manager
PowerPack Elementor Addons (Free Widgets, Extensions and Templates) powerpack-lite-for-elementor
Price by Quantity & Bulk Quantity Discounts for WooCommerce wholesale-pricing-woocommerce
Printus – Automatic Printing Plugin for WooCommerce – Print WooCommerce Orders, PDF Invoices, Packaging Slips & More printus-cloud-printing-for-woocommerce
Privyr CRM – Instant Lead Alerts for Contact Forms privy-crm-integration
Processing Projects processing-projects
Product Filter by WBW woo-product-filter
Product Notices for WooCommerce product-notices-for-woocommerce
Product Table by WBW woo-product-tables
Publitio publitio
Query Wrangler query-wrangler
Question Answer question-answer
Radius Blocks – WordPress Gutenberg Blocks radius-blocks
Read More & Accordion expand-maker
Real Estate Manager – Property Listing and Agent Management real-estate-manager
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login custom-registration-form-builder-with-submission-manager
Related Posts Widget with Thumbnails advanced-css3-related-posts-widget
Residential Address Detection residential-address-detection
RestroPress – Online Food Ordering System restropress
Review Manager review-manager
Revive.so – Bulk Rewrite and Republish Blog Posts revive-so
Rich Text Editor richtexteditor
Rio Video Gallery rio-video-gallery
RJ Quickcharts rj-quickcharts
Rollbar rollbar
RSVPMaker rsvpmaker
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions s2member
Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp
Salesmate Add-On for Gravity Forms gf-salesmate-add-on
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses salon-booking-system
SCSS WP Editor scss-wp-editor
Search engine keywords highlighter keywords-highlight-tool
Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce
Secure Copy Content Protection and Content Locking secure-copy-content-protection
Send E-mail send-e-mail
SEO Tools seo-automatic-seo-tools
sequel sequel
Sheet2Site sheet2site
SheetDB – get your Google Spreadsheet data sheetdb
Ship Per Product ship-per-product
ShipDepot for WooCommerce ship-depot
Shiptimize for WooCommerce shiptimize-for-woocommerce
ShopCred – WooCommerce Builder with Products Grid & Carousel Block shopcred
Shopper – Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays shopper
Shopper Approved Reviews shopperapproved-reviews
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization shortpixel-adaptive-images
Showeblogin Social Plugin showeblogin-facebook-page-like-box
Sidebar Manager Light sidebar-manager-light
Silvasoft boekhouden silvasoft-boekhouden
Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website simple-banner
Simple Contact Forms simple-contact-forms
Simple Fixed Notice dn-cookie-notice
Simple Map No Api simple-map-no-api
Simple Owl Carousel simple-owl-carousel
Simple Post Expiration simple-post-expiration
Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo
Simple Website Logo simple-website-logo
Simple WP Events simple-wp-events
Simple-Audioplayer simple-audioplayer
Simple:Press Forum simplepress
SimplyRETS Real Estate IDX simply-rets
Sliced Invoices – WordPress Invoice Plugin sliced-invoices
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider sliderspack-all-in-one-image-sliders
Slider Path for Elementor slider-path
Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition
Smart Icons For WordPress smartifw
Smartarget Popup smartarget-popup
SMM API smm-api
SMS Abandoned Cart Recovery ✦ CartBoss cartboss
SMS Alert Order Notifications – WooCommerce sms-alert
SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget
Snow Storm snow-storm
Social Intents – Live Chat and ChatGPT Chatbots live-chat-support-by-social-intents
Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget
Social Share And Social Locker – ARSocial social-share-and-social-locker-arsocial
Social Share Buttons & Analytics Plugin – GetSocial.io wp-share-buttons-analytics-by-getsocial
SP Blog Designer sp-blog-designer
Sparkle Elementor Kit sparkle-elementor-kit
Spider Elements – Crafted UX First Addons for Elementor spider-elements
Split Test For Elementor split-test-for-elementor
Sprout Clients – CRM and Lead Management sprout-clients
SrbTransLatin – Serbian Latinisation srbtranslatin
StaffList stafflist
StaticPress staticpress
Subscription Form for Feedblitz feedblitz-email-subscription
Support Helpdesk Ticket System Lite ticket-help-desk-system-lite
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity surveyjs
SwiftXR (3D/AR/VR) Viewer swiftxr-3darvr-viewer
Swiss Toolkit For WP swiss-toolkit-for-wp
SWM – Shopify to WooCommerce Migration migrate-shopify-to-woocommerce
Table Block by Tableberg – Best WordPress Table Plugin tableberg
TableOn – WordPress Posts Table Filterable posts-table-filterable
tagDiv Composer td-composer
TailPress – Tailwind for WordPress tailpress
teachPress teachpress
Team Builder – Meet the Team team-display
Team Members for Elementor Page Builder team-members-for-elementor
Team Rosters team-rosters
Terms Before Download terms-before-download
Testimonial – Testimonial Slider, Reviews Slider, Testimonial By AI testimonial
TextMe SMS textme-sms-integration
The Logo Slider the-logo-slider
Theater for WordPress theatre
Theme Duplicator theme-duplicator
Themesflat Addons For Elementor themesflat-addons-for-elementor
Timeline Event History timeline-event-history
Tockify Events Calendar tockify-events-calendar
Trackserver trackserver
Turbo Addons Elementor turbo-addons-elementor
Turisbook Booking System turisbook-booking-system
TuriTop Booking System turitop-booking-system
Twice Commerce – Easy Rental Booking System embed-rentle
TZ Plus Gallery tz-plus-gallery
Ultimate Live Cricket WordPress Lite ultimate-live-cricket-lite
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More ultimate-push-notifications
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder ultimate-store-kit
Ultra Addons Lite for Elementor ut-elementor-addons-lite
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin uncanny-automator
Unlimited Elements For Elementor unlimited-elements-for-elementor
UPC/EAN/GTIN Code Generator upc-ean-barcode-generator
Uptime Robot Plugin for WordPress uptime-robot-monitor
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress url-shortify
Useinfluence useinfluence
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
User Submitted Posts – Enable Users to Submit Posts from the Front End user-submitted-posts
Variable Inspector variable-inspector
Varnish WordPress varnish-wp
Vehica Core vehica-core
VG WooCarousel vg-woocarousel
Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member
Video Playlist For YouTube video-playlist-for-youtube
Video Url video-sidebar-widget
Videos videos
Viral Loops WP Integration viral-loops-wp-integration
Vitepos – Point of sale (POS) plugin for WooCommerce vitepos-lite
VK Filter Search vk-filter-search
Watu Quiz watu
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder wdesignkit
Web Directory Free web-directory-free
WebberZone Snippetz – Header, Body and Footer manager add-to-all
Webling webling
Welcome Bar intelly-welcome-bar
Welcome Popup welcome-popup
Widget Manager Light widget-manager-light
Woffice Core woffice-core
Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering vagonic-sortable
WooTumblog woo-tumblog
WordPress Access Areas wp-access-areas
WordPress Adverts Plugin – Adverts Click Tracker adverts-click-tracker
WordPress Appointment Booking and Online Scheduling Plugin by Appointy appointy-appointment-scheduler
WordPress Booking plugin for Appointment Calendar and Woocommcerce Booking – Bookingor bookingor
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg groundhogg
WordPress Galleria wp-galleria
WordPress Header Builder Plugin – Pearl pearl-header-builder
wordpress related Posts with thumbnails related-posts-list-grid-and-slider-all-in-one
WordPress Simple HTML Sitemap wp-simple-html-sitemap
WordPress Testimonials Slider elfsight-testimonials-slider
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly tour-booking-manager
WordPress Webinar Plugin – WebinarPress wp-webinarsystem
WP AdCenter – Ad Manager & Adsense Ads wpadcenter
WP AutoKeyword wp-autokeyword
WP Bookmarks wp-bookmarks
WP Chrono wp-chrono
WP Church Donation wp-church-donation
WP Cleaner wpcleaner
WP Clone any post type wp-clone-any-post-type
WP Copy Media URL wp-copy-media-url
WP Crowdfunding wp-crowdfunding
WP Date and Time Shortcode wp-date-and-time-shortcode
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce wp-event-manager
WP Genealogy – Your Family History Website wpgenealogy
WP Link Preview wp-link-preview
WP Mobile Bottom Menu mobile-bottom-menu-for-wp
WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration
WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce wp-optin-wheel
WP Plugin Info Card wp-plugin-info-card
WP Profitshare wp-profitshare
WP Proposals wp-proposals
WP RealEstate wp-realestate
WP Sitemap wpsitemap
wp Time Machine wp-time-machine
WP ULike – All-in-One Engagement Toolkit wp-ulike
WP Video Playlist wp-video-playlist
WP-LESS wp-less
WP_Identicon wp-identicon
WPBookit wpbookit
WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce wpc-smart-linked-products
WPCargo Track & Trace wpcargo
wpForo Forum wpforo
WPoperation Elementor Addons wpop-elementor-addons
WPSHARE247 Elementor Addons wpshare247-elementor-addons
Wptobe-signinup wptobe-signinup
WR Price List Manager For Woocommerce wr-price-list-for-woocommerce
xili-language xili-language
Xpro Theme Builder For Elementor – FREE xpro-theme-builder
XV Random Quotes xv-random-quotes
YaMaps for WordPress Plugin yamaps
YayExtra – WooCommerce Extra Product Options yayextra
Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation zoho-flow
ZoomSounds – WordPress Wave Audio Player with Playlist dzs-zoomsounds

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
bloggie bloggie
edmin edmin
Folo folo
Glossy Blog glossy-blog
Gravel gravel
Home Services home-services
newsy newsy
photobox photobox
Real Estate 7 WordPress realestate-7
rezo rezo
shopo shopo
sidepane sidepane
Simplish simplish
slide slide
Streamit streamit
Tainá taina
Tiger tiger
wigi wigi
Woffice CRM woffice

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should have already been notified if your site was affected by any of these vulnerabilities. If you would like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.

Booking Calendar and Notification <= 4.0.3 – Authentication Bypass
CVSS Rating Critical (9.8)
CVE-ID CVE-2025-31381
Patch Status Unpatched
Published Apr 3, 2025
Affected Software Booking Calendar and Notification
Researcher Pham Van Tam

CBX Poll <= 1.2.7 – Unauthenticated PHP Object Injection

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31612
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
CBX Poll
Researcher

Kévin Mosbahi (Mika)

DeBounce Email Validator <= 5.7 – Unauthenticated Local File Inclusion

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31098
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
DeBounce Email Validator
Researcher

Nguyen Xuan Chien

DigiWidgets Image Editor <= 1.10 – Unauthenticated Remote Code Execution

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-30580
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
DigiWidgets Image Editor
Researcher

0xd4rk5id3

Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 – Unauthenticated Arbitrary File Move

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2941
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Drag and Drop Multiple File Upload for WooCommerce
Researcher

Phat RiO – BlueRock

DyaPress ERP/CRM <= 18.0.2.0 – Unauthenticated Local File Inclusion

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-30582
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
DyaPress ERP/CRM
Researcher

LVT-tholv2k

Fami WooCommerce Compare <= 1.0.5 – Unauthenticated Local File Inclusion

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31405
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Fami WooCommerce Compare
Researcher

Dimas Maulana

Front-End-Only-Users <= 3.2.32 – Unauthenticated Arbitrary File Upload

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2005
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Front End Users
Researcher

Kishan Vyas

GNUCommerce <= 1.5.4 – Unauthenticated PHP Object Injection

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-30985
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
GNUCommerce
Researcher

LVT-tholv2k

Material Dashboard <= 1.4.5 – Unauthenticated Local File Inclusion

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31097
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Material Dashboard
Researcher

LVT-tholv2k

News & Blog Designer Pack <= 4.0 – Unauthenticated Local File Inclusion

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31082
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Blog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack
Researcher

Ananda Dhakal

SMS Alert Order Notifications – WooCommerce <= 3.7.9 – Unauthenticated Account Takeover/Privilege Escalation

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-13553
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
SMS Alert Order Notifications – WooCommerce
Researcher

Lucio Sá

TagDiv Composer <= 5.3 – Unauthenticated Arbitrary PHP Object Instantiation

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-13645
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
tagDiv Composer
Researcher

mikemyers

Woffice <= 5.4.21 – Authentication Bypass via Registration Role

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2798
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Woffice CRM
Researcher

Foxyyy

Woffice Core <= 5.4.21 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2780
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Woffice Core
Researcher

Foxyyy

WP RealEstate <= 1.6.26 – Authentication Bypass via ‘process_register’

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2237
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
WP RealEstate
Researcher

Tonn

aThemes Addons for Elementor <= 1.0.15 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32158
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
aThemes Addons for Elementor
Researcher

João Pedro Soares de Alcântara

Beds24 Online Booking <= 2.0.28 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32155
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Beds24 Online Booking
Researcher

João Pedro Soares de Alcântara

BuddyForms <= 2.8.17 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32151
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Researcher

LVT-tholv2k

Catch Dark Mode <= 1.2.1 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32154
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Catch Dark Mode
Researcher

Trương Hữu Phúc (truonghuuphuc)

Countdown & Clock <= 2.8.8 – Authenticated (Contributor+) Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30841
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Countdown, Coming Soon, Maintenance – Countdown & Clock
Researcher

astra.r3verii

Email Notifications for Updates <= 1.1.6 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2933
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Email Notifications for Updates
Researcher

kr0d

EventON <= 2.3.2 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32160
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
EventON – Events Calendar
Researcher

Ngô Thiên An (ancorn_)

Import Export Suite for CSV and XML Datafeed <= 7.19 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2008
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Import Export Suite for CSV and XML Datafeed
Researcher

mikemyers

JS Job Manager <= 2.0.2 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32146
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
JS Job Manager
Researcher

Trương Hữu Phúc (truonghuuphuc)

Just Post Preview Widget <= 1.1.1 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32156
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Just Post Preview Widget
Researcher

João Pedro Soares de Alcântara

MasterStudy LMS <= 3.5.25 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32141
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher

LVT-tholv2k

Motors <= 1.4.67 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32142
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

LVT-tholv2k

Multiple Themify Themes <= Various Versions – Authenticated (Contributor+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30996
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
slide
Folo
rezo
sidepane
newsy
edmin
wigi
photobox
bloggie
Researcher

Tran Nguyen Bao Khanh

Radius Blocks <= 2.2.1 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32159
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Radius Blocks – WordPress Gutenberg Blocks
Researcher

João Pedro Soares de Alcântara

Real Estate Manager <= 7.3 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32150
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Real Estate Manager – Property Listing and Agent Management
Researcher

LVT-tholv2k

Salon booking system <= 10.11 – Authenticated Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31560
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Researcher

Revan Arifio

Shopper Approved Reviews 2.0 – 2.1 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3063
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Shopper Approved Reviews
Researcher

kr0d

Slider a SlidersPack <= 2.3 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32152
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider
Researcher

LVT-tholv2k

Sparkle Elementor Kit <= 2.0.9 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32157
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Sparkle Elementor Kit
Researcher

João Pedro Soares de Alcântara

Streamit <= 4.0.1 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2525
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Streamit
Researcher

István Márton

Testimonial Slider <= 2.0.13 – Authenticated (Contributor+) PHP Object Injection

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30889
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Testimonial – Testimonial Slider, Reviews Slider, Testimonial By AI
Researcher

LVT-tholv2k

Uncanny Automator <= 6.3.0.2 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2075
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin
Researcher

mikemyers

Vehica Core <= 1.0.97 – Authenticated (Subscriber+) Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3105
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Vehica Core
Researcher

Alyudin Nafiie

VG WooCarousel <= 1.3 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32153
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
VG WooCarousel
Researcher

muhammad yudha

WP Pro Real Estate 7 <= 3.5.4 – Authenticated (Custom) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2891
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Real Estate 7 WordPress
Researcher

Foxyyy

WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce <= 1.3.5 – Authenticated (Contributor+) Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30825
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
WPC Smart Linked Products – Upsells & Cross-sells for WooCommerce
Researcher

theviper17y

wpForo Forum <= 2.4.3 – Authenticated (Subscriber+) Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31420
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
wpForo Forum
Researcher

Revan Arifio

WpTravelly <= 1.8.7 – Authenticated (Contributor+) PHP Object Injection

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30892
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Researcher

LVT-tholv2k

Booster for WooCommerce 4.0.1 – 7.2.4 – Unauthenticated Arbitrary File Upload

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-13744
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Booster for WooCommerce
Researcher

lucky_buddy

Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 – Unauthenticated Limited Local File Inclusion

CVSS Rating
High (8.1)
CVE-ID
CVE-2025-2270
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Countdown, Coming Soon, Maintenance – Countdown & Clock
Researcher

mikemyers

User Registration & Membership <= 4.1.2 – Authentication Bypass

CVSS Rating
High (8.1)
CVE-ID
CVE-2025-2594
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher

wesley (wcraft)

ZoomSounds – WordPress Wave Audio Player with Playlist <= 6.91 – Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-13776
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher

Lucio Sá

Advanced WooCommerce Product Sales Reporting <= 3.1 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31553
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Advanced WooCommerce Product Sales Reporting – Statistics & Forecast
Researcher

Aiden (Thái An)

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 – Unauthenticated Sensitive Information Exposure Through Unprotected Directory

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-13567
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Awesome Support – WordPress HelpDesk & Support Plugin
Researcher

Tim Coen

Booking Calendar and Notification <= 4.0.3 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31403
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Booking Calendar and Notification
Researcher

Pham Van Tam

History Log by click5 <= 1.0.13 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31531
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
History Log by click5
Researcher

Trương Hữu Phúc (truonghuuphuc)

KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 – Unauthenticated Sensitive Information Exposure Through Unprotected Directory

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-13604
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin
Researcher

Tim Coen

Next-Cart Store to WooCommerce Migration <= 3.9.4 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-30807
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Next-Cart Store to WooCommerce Migration
Researcher

LVT-tholv2k

Product Filter by WBW <= 2.7.9 – Unauthenticated SQL Injection via filtersDataBackend Parameter

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-2317
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Product Filter by WBW
Researcher

Trương Hữu Phúc (truonghuuphuc)

Read More & Accordion <= 3.4.5 – Cross-Site Request Forgery to Local File Inclusion

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-0810
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Read More & Accordion
Researcher

Bassem Essam

RSVPMarker <= 11.4.8 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31552
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
RSVPMaker
Researcher

Aiden (Thái An)

Salesmate Add-On for Gravity Forms <= 2.0.3 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31551
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Salesmate Add-On for Gravity Forms
Researcher

Trương Hữu Phúc (truonghuuphuc)

Shopper <= 3.2.5 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31534
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Shopper – Affiliate Link Management, 25000+ Brand Partnerships & Creative Product Displays
Researcher

Nguyễn Trung Kiên

Social Share And Social Locker <= 1.4.2 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31911
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Social Share And Social Locker – ARSocial
Researcher

Tran Nguyen Bao Khanh

WP AutoKeyword <= 1.0 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31579
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WP AutoKeyword
Researcher

Tran Nguyen Bao Khanh

XV Random Quotes <= 1.40 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-30971
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
XV Random Quotes
Researcher

Aiden (Thái An)

Appointify <= 1.0.8 – Authenticated (Admin+) Arbitrary File Upload

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31577
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Appointify
Researcher

Tri Doan

Booster for WooCommerce <= 7.2.4 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-12278
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Booster for WooCommerce
Researcher

Webbernaut

Booster for WooCommerce 4.0.1 – 7.2.4 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-13708
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Booster for WooCommerce
Researcher

lucky_buddy

CMP – Coming Soon & Maintenance <= 4.1.13 – Authenticated (Admin+) Arbitrary File Upload

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32118
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
CMP – Coming Soon & Maintenance Plugin by NiteoThemes
Researcher

SavPhill (Savphill)

Contact Form vCard Generator <= 2.4 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31582
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Contact Form vCard Generator
Researcher

Abdi Pranata

ElementsCSS Addons for Elementor <= 1.0.8.7 – Unauthenticated Server-Side Request Forgery

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31796
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons)
Researcher

Tran Nguyen Bao Khanh

HTML Forms <= 1.5.1 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31080
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
HTML Forms – Simple WordPress Forms Plugin
Researcher

Abhinav Porwal

s2Member <= 250214 – Authenticated (Administrator+) Local File Inclusion

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32137
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Researcher

Hakiduck

SMM API <= 6.0.28 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31855
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SMM API
Researcher

Abdi Pranata

Actionwear products sync <= 2.3.3 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31619
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Actionwear products sync
Researcher

Dimas Maulana

Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.1.7 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31564
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Researcher

NAWardRox

Behance Portfolio Manager <= 1.7.4 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31526
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Behance Portfolio Manager
Researcher

Trương Hữu Phúc (truonghuuphuc)

Broken Link Checker by AIOSEO <= 1.2.3 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-1264
Patch Status
Patched
Published
Apr 5, 2025

Affected Software
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links
Researcher

Christiaan Swiers (YouGina)

Category Icon <= 1.0.0 – Authenticated (Author+) Arbitrary File Download

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31825
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Category Icon
Researcher

minhtuanact

Daisycon prijsvergelijkers <= 4.8.4 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32148
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Daisycon prijsvergelijkers
Researcher

Trương Hữu Phúc (truonghuuphuc)

Demo Awesome <= 1.0.3 – Missing Authorization to Authenticated (Subscriber+) Plugin Activation

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-13637
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Demo Awesome
Researcher

Krzysztof Zając

Docxpresso <= 2.6 – Authenticated (Contributor+) Arbitrary File Download

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31554
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Docxpresso
Researcher

Trương Hữu Phúc (truonghuuphuc)

Fonto <= 1.2.2 – Authenticated (Author+) Arbitrary File Download

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31827
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Fonto – Custom Web Fonts Manager
Researcher

minhtuanact

include-file <= 1 – Authenticated (Contributor+) Arbitrary File Download

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-30596
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
include-file
Researcher

timomangcut

Insert Headers and Footers Code – HT Script <= 1.1.2 – Missing Authorization to Authenticated (Subscriber+) Limited Options Update

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2779
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Insert Headers and Footers Code – HT Script
Researcher

kr0d

My auctions allegro <= 3.6.20 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31542
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
My auctions allegro
Researcher

Trương Hữu Phúc (truonghuuphuc)

Order Splitter for WooCommerce <= 5.3.0 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31089
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Order Splitter for WooCommerce
Researcher

LVT-tholv2k

Publitio <= 2.1.8 – Authenticated (Contributor+) Arbitrary File Read

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31800
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Publitio
Researcher

Trương Hữu Phúc (truonghuuphuc)

RJ Quickcharts <= 0.6.1 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31024
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
RJ Quickcharts
Researcher

Abdi Pranata

SP Blog Designer <= 1.0.0 – Unauthenticated Arbitrary Shortcode Execution

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31606
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
SP Blog Designer
Researcher

theviper17y

Streamit <= 4.0.1 – Authenticated (Subscriber+) Arbitrary File Download

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2519
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Streamit
Researcher

István Márton

teachPress <= 9.0.11 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32149
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
teachPress
Researcher

Trương Hữu Phúc (truonghuuphuc)

TextMe SMS <= 1.9.1 – Missing Authorization

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31789
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
TextMe SMS
Researcher

Aiden (Thái An)

Ultimate Push Notifications <= 1.1.8 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31561
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Researcher

Trương Hữu Phúc (truonghuuphuc)

Uptime Robot Plugin for WordPress <= 2.3 – Authenticated (Contributor+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-31547
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Uptime Robot Plugin for WordPress
Researcher

Trương Hữu Phúc (truonghuuphuc)

ABC Notation <= 6.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31895
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ABC Notation
Researcher

0xd4rk5id3

Administrator Z <= 2025.03.04 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32187
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Administrator Z
Researcher

Gab

Advanced Typekit <= 1.0.1 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31622
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Advanced Typekit
Researcher

SOPROBRO

Advanced Woo Labels <= 2.15 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32188
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Advanced Woo Labels – Product Labels for WooCommerce
Researcher

SavPhill (Savphill)

AI Content Pipelines <= 1.6 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2544
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
AI Content Pipelines: Content Engine + Analytics
Researcher

Avraham Shemesh

Arkhe Blocks <= 2.27.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32161
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Arkhe Blocks
Researcher

zaim

Arrow Custom Feed for Twitter <= 1.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31897
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Arrow Custom Feed for Twitter
Researcher

Trương Hữu Phúc (truonghuuphuc)

AtomChat <= 1.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31532
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Group Chat & Video Chat by AtomChat
Researcher

Trương Hữu Phúc (truonghuuphuc)

Author Bio Shortcode <= 2.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31731
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Author Bio Shortcode
Researcher

0xd4rk5id3

Avada Builder <= 3.11.14 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1665
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Avada (Fusion) Builder
Researcher

Webbernaut

B Blocks – The ultimate block collection <= 2.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32173
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
B Blocks – The ultimate block collection
Researcher

Logan Cote

Beds24 Online Booking <= 2.0.27 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31851
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Beds24 Online Booking
Researcher

João Pedro Soares de Alcântara

Big Boom Directory <= 2.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-13673
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Big Boom Directory
Researcher

SOPROBRO

Black Widgets For Elementor <= 1.3.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31869
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Black Widgets For Elementor
Researcher

Michael

BlockWheels <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31817
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
BlockWheels
Researcher

Gab

Boo Recipes <= 2.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31759
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Boo Recipes
Researcher

SOPROBRO

Botnet Attack Blocker <= 2.0.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31893
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Botnet Attack Blocker
Researcher

SOPROBRO

Bridge Core < 3.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31409
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Bridge Core
Researcher

Ananda Dhakal

Brizy <= 2.6.14 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32198
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Brizy – Page Builder
Researcher

João Pedro Soares de Alcântara

BuddyPress Members Only <= 3.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31812
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
BuddyPress Members Only
Researcher

theviper17y

BWD Elementor Addons <= 4.3.20 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32189
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section)
Researcher

Gab

byBrick Accordion <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31621
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
byBrick Accordion
Researcher

SOPROBRO

Cal.com <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31604
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Cal.com
Researcher

Peter Thaleikis

Chamber Dashboard Business Directory <= 3.3.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32162
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Chamber Dashboard Business Directory
Researcher

theviper17y

Checklist <= 1.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31538
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Checklist
Researcher

theviper17y

Client Showcase <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31737
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Client Showcase
Researcher

SOPROBRO

CM Header and Footer <= 1.2.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31091
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
CM Header and Footer – Add custom scripts and styles to your header and footer with ease
Researcher

Nguyen Xuan Chien

Colibri Page Builder <= 1.0.319 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32185
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Colibri Page Builder
Researcher

Kévin Mosbahi (Mika)

Contact Form Builder by vcita <= 4.10.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32199
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Contact Form Builder by vcita
Researcher

theviper17y

Contempo Real Estate Core <= 3.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2906
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Contempo Real Estate Core
Researcher

István Márton

Content Manager Light <= 3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31770
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Content Manager Light
Researcher

SOPROBRO

ContentBot AI Writer <= 1.2.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31818
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ContentBot AI Writer (ChatGPT, GPT4)
Researcher

theviper17y

CookieHint WP <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31608
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
CookieHint WP
Researcher

SOPROBRO

CoverManager <= 0.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31620
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
CoverManager
Researcher

SOPROBRO

Custom Content Scrollbar <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31574
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Custom Content Scrollbar
Researcher

SOPROBRO

Custom Database Applications by Caspio <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31559
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Custom Database Applications by Caspio
Researcher

muhammad yudha

Design Blocks <= 1.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31815
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Design Blocks – Gutenberg Blocks collection
Researcher

Gab

Directorist AddonsKit for Elementor <= 1.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31857
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Directorist AddonsKit for Elementor
Researcher

Khalid Yusuf

DobsonDev Shortcodes <= 2.1.12 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31754
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
DobsonDev Shortcodes
Researcher

0xd4rk5id3

Donate Me <= 1.2.5 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31778
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Donate Me
Researcher

Khang Duong

Doppler Forms <= 2.4.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32165
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Doppler Forms
Researcher

Trương Hữu Phúc (truonghuuphuc)

Easy Magazine <= 2.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31741
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Easy Magazine
Researcher

SOPROBRO

Ebook Downloader <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31894
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Ebook Downloader
Researcher

SOPROBRO

Ecwid Shopping Cart <= 7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32195
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Ecwid by Lightspeed Ecommerce Shopping Cart
Researcher

Ngô Thiên An (ancorn_)

Embed Chessboard <= 3.07.00 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32177
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Embed Chessboard
Researcher

muhammad yudha

Emma for WordPress <= 1.3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32166
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Emma for WordPress
Researcher

Trương Hữu Phúc (truonghuuphuc)

Ethiopian Calendar <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31589
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Ethiopian Calendar
Researcher

Pham Van Tam

Eventbee RSVP Widget <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31838
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Eventbee RSVP Widget
Researcher

theviper17y

Extensions for Elementor <= 2.0.40 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31889
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Extensions for Elementor
Researcher

João Pedro Soares de Alcântara

FancyPost <= 6.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31875
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Researcher

Gab

Follow Us Badges <= 3.1.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31804
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Follow Us Badges
Researcher

muhammad yudha

FooBox Image Lightbox <= 2.7.33 – Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32139
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Lightbox & Modal Popup WordPress Plugin – FooBox
Researcher

Robert DeVore

Footnotes for WordPress <= 2016.1230 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31735
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Footnotes for WordPress
Researcher

0xd4rk5id3

Fusion <= 1.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31549
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Fusion Page Builder
Researcher

Peter Thaleikis

Gallery – Photo Albums Plugin <= 1.3.170 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31586
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Gallery – Photo Albums Plugin
Researcher

Peter Thaleikis

Gallery Blocks with Lightbox <= 3.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32176
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
Researcher

Peter Thaleikis

Glossy Blog <= 1.0.3 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26934
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Glossy Blog
Researcher

stealthcopter

Gosign – Posts Slider Block <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31891
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Gosign – Posts Slider Block
Researcher

theviper17y

Gutena Kit – Gutenberg Blocks and Templates <= 2.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31805
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Gutena Kit – Gutenberg Blocks and Templates
Researcher

João Pedro Soares de Alcântara

Gutenify <= 1.4.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32168
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Gutenify – Visual Site Builder Blocks & Site Templates.
Researcher

Prissy

HMH Footer Builder For Elementor <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31749
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
HMH Footer Builder For Elementor
Researcher

Gab

Home Services <= 1.2.6 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26930
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Home Services
Researcher

stealthcopter

Hyperlink Group Block <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31885
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Hyperlink Group Block
Researcher

Peter Thaleikis

Hypotext <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31761
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Hypotext
Researcher

SOPROBRO

IMPress for IDX Broker <= 3.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31556
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
IMPress for IDX Broker
Researcher

Peter Thaleikis

Infusionsoft Web Form JavaScript <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31629
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Infusionsoft Web Form JavaScript
Researcher

SOPROBRO

LA-Studio Element Kit for Elementor <= 1.4.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32194
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
LA-Studio Element Kit for Elementor
Researcher

Michael

LeadQuizzes <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31738
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
LeadQuizzes
Researcher

0xd4rk5id3

Leartes TRY Exchange Rates <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31783
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Leartes TRY Exchange Rates
Researcher

0xd4rk5id3

Lightweight and Responsive Youtube Embed <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31744
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Lightweight and Responsive Youtube Embed
Researcher

SOPROBRO

Lightweight and Responsive Youtube Embed <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31743
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Lightweight and Responsive Youtube Embed
Researcher

0xd4rk5id3

Link Library <= 7.7.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2889
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Link Library
Researcher

siavashvafshar

Magical Blocks <= 1.0.10 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31844
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Magical Blocks – Premium Gutenberg Blocks
Researcher

Gab

Maps for WP <= 1.2.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32179
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Maps for WP
Researcher

zaim

Marketer Addons <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31730
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Marketer Addons
Researcher

0xd4rk5id3

mFolio Lite <= 1.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31847
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
mFolio Lite
Researcher

Gab

Modula Image Gallery <= 2.10.1 – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9416
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Modula Image Gallery
Researcher

Webbernaut

Motors <= 1.4.67 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32170
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

LVT-tholv2k

Musician’s Pack for Elementor <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32190
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Musician’s Pack for Elementor – Music Website Widgets & Templates
Researcher

Gab

MX Time Zone Clocks <= 5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31801
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
MX Time Zone Clocks
Researcher

Peter Thaleikis

MyBookProgress by Stormhill Media <= 1.0.8 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30982
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
MyBookProgress by Stormhill Media
Researcher

Abdi Pranata

Nemesis All-in-One <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31849
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Nemesis All-in-One | Newspaper Builder Elementor Extention
Researcher

Gab

News Element Elementor Blog Magazine <= 1.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32191
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
News Element Elementor Blog Magazine
Researcher

Gab

News Kit Elementor Addons <= 1.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32196
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
News Kit Elementor Addons
Researcher

João Pedro Soares de Alcântara

News, Magazine and Blog Elements <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31740
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
News, Magazine and Blog Elements
Researcher

0xd4rk5id3

Ni WooCommerce Cost Of Goods <= 3.2.8 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32207
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Ni WooCommerce Cost Of Goods
Researcher

Nabil Irawan

Norse Rune Oracle Plugin <= 1.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31884
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Norse Rune Oracle Plugin
Researcher

SOPROBRO

Nova Blocks by Pixelgrade <= 2.1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31819
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Nova Blocks by Pixelgrade
Researcher

João Pedro Soares de Alcântara

Opal Portfolio <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31748
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Opal Portfolio
Researcher

0xd4rk5id3

OpenMenu <= 3.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31593
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
OpenMenu – The official plugin for OpenMenu
Researcher

muhammad yudha

OSM – OpenStreetMap <= 6.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31557
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
OSM – OpenStreetMap
Researcher

muhammad yudha

PDF Generator Addon for Elementor Page Builder <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31850
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
PDF Generator Addon for Elementor Page Builder
Researcher

João Pedro Soares de Alcântara

Perfect Font Awesome Integration <= 2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31861
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Perfect Font Awesome Integration
Researcher

0xd4rk5id3

PhotoShelter for Photographers Blog Feed Plugin <= 1.5.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31766
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
PhotoShelter for Photographers Blog Feed Plugin
Researcher

SOPROBRO

Piotnet Addons For Elementor <= 2.4.34 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32197
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Piotnet Addons For Elementor
Researcher

João Pedro Soares de Alcântara

Piotnet Forms <= 1.0.30 – Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31792
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Piotnet Forms
Researcher

Michael

Planyo online reservation system <= 3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31811
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Planyo online reservation system
Researcher

muhammad yudha

Post Custom Templates Lite <= 1.14 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31767
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Post Custom Templates Lite
Researcher

Trương Hữu Phúc (truonghuuphuc)

Posten <= 0.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31790
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Posten – Gutenberg Post Block
Researcher

Gab

PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1512
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Researcher

zer0gh0st

Processing Projects <= 1.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31624
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Processing Projects
Researcher

SOPROBRO

Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 4.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31598
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Price by Quantity & Bulk Quantity Discounts for WooCommerce
Researcher

Peter Thaleikis

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2836
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Researcher

Brian Sans-Souci (liardom)

Search, Filters & Merchandising for WooCommerce <= 3.0.57 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32181
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Search, Filters & Merchandising for WooCommerce
Researcher

SOPROBRO

Send E-mail <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31592
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Send E-mail
Researcher

muhammad yudha

Sheet2Site <= 1.0.18 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31762
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Sheet2Site
Researcher

Trương Hữu Phúc (truonghuuphuc)

SheetDB <= 1.3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31873
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SheetDB – get your Google Spreadsheet data
Researcher

zaim

ShopCred <= 1.2.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31829
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ShopCred – WooCommerce Builder with Products Grid & Carousel Block
Researcher

Gab

Showeblogin Social <= 7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32169
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Showeblogin Social Plugin
Researcher

Trương Hữu Phúc (truonghuuphuc)

Simple Map No Api <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31890
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Simple Map No Api
Researcher

theviper17y

Simple Owl Carousel <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31535
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Simple Owl Carousel
Researcher

theviper17y

Simple Post Expiration <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31734
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Simple Post Expiration
Researcher

Trương Hữu Phúc (truonghuuphuc)

Simple WP Events <= 1.8.17 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32193
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Simple WP Events
Researcher

SOPROBRO

Simple-Audioplayer <= 1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31607
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Simple-Audioplayer
Researcher

SOPROBRO

Simplish <= 2.6.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22281
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Simplish
Researcher

stealthcopter

Smart Icons For WordPress <= 1.0.4 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2513
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Smart Icons For WordPress
Researcher

Avraham Shemesh

SnapWidget Social Photo Feed Widget <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31760
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SnapWidget Social Photo Feed Widget
Researcher

theviper17y

Spider Elements – Addons for Elementor <= 1.6.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32182
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Spider Elements – Crafted UX First Addons for Elementor
Researcher

Khalid Yusuf

Sprout Clients <= 3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31797
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Sprout Clients – CRM and Lead Management
Researcher

SOPROBRO

Subscription Form for Feedblitz <= 1.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31745
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Subscription Form for Feedblitz
Researcher

0xd4rk5id3

SurveyJS <= 1.12.20 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32167
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Researcher

theviper17y

Table Block by Tableberg <= 0.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32171
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Table Block by Tableberg – Best WordPress Table Plugin
Researcher

theviper17y

Tainá <= 0.2.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26919
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Tainá
Researcher

stealthcopter

Team Members for Elementor Page Builder <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31771
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Team Members for Elementor Page Builder
Researcher

Khalid Yusuf

Terms Before Download <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31614
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Terms Before Download
Researcher

SOPROBRO

Themesflat Addons For Elementor <= 2.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31567
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Themesflat Addons For Elementor
Researcher

Prissy

Tiger <= 2.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31407
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Tiger
Researcher

Kévin Mosbahi (Mika)

Timeline Event History <= 3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31595
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Timeline Event History
Researcher

Peter Thaleikis

Tockify Events Calendar <= 2.2.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32174
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Tockify Events Calendar
Researcher

beluga

Trackserver <= 5.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-30961
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Trackserver
Researcher

muhammad yudha

Turbo Addons for Elementor <= 1.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32186
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Turbo Addons Elementor
Researcher

Gab

Turisbook Booking System <= 1.3.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31803
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Turisbook Booking System
Researcher

SOPROBRO

Twice Commerce <= 1.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31543
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Twice Commerce – Easy Rental Booking System
Researcher

Trương Hữu Phúc (truonghuuphuc)

Ultimate Live Cricket WordPress Lite <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31597
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Ultimate Live Cricket WordPress Lite
Researcher

SOPROBRO

Ultimate Store Kit Elementor Addons <= 2.4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32184
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder
Researcher(s): Unknown

Ultra Addons Lite for Elementor <= 1.1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32192
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Ultra Addons Lite for Elementor
Researcher

Michael

Unlimited Elements For Elementor <= 1.5.142 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1663
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Unlimited Elements For Elementor
Researcher

zer0gh0st

Uptime Robot Plugin for WordPress <= 2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31562
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Uptime Robot Plugin for WordPress
Researcher

muhammad yudha

Video Playlist For YouTube <= 6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32183
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Video Playlist For YouTube
Researcher

theviper17y

VK Filter Search <= 2.14.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32175
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
VK Filter Search
Researcher

zaim

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-12189
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Researcher

Ankit Patel

WebberZone Snippetz <= 2.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31874
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WebberZone Snippetz – Header, Body and Footer manager
Researcher

Peter Thaleikis

WP AdCenter <= 2.5.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31860
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP AdCenter – Ad Manager & Adsense Ads
Researcher

theviper17y

WP Chrono <= 1.5.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31747
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Chrono
Researcher

SOPROBRO

WP Crowdfunding <= 2.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31892
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Crowdfunding
Researcher

theviper17y

WP Date and Time Shortcode <= 2.6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31590
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
WP Date and Time Shortcode
Researcher

Peter Thaleikis

WP Link Preview <= 1.4.1 – Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31527
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WP Link Preview
Researcher

theviper17y

WP Plugin Info Card <= 5.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31835
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Plugin Info Card
Researcher

muhammad yudha

WP Sitemap <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31733
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Sitemap
Researcher

0xd4rk5id3

WPoperation Elementor Addons <= 1.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31823
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WPoperation Elementor Addons
Researcher

João Pedro Soares de Alcântara

WPSHARE247 Elementor Addons <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31813
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WPSHARE247 Elementor Addons
Researcher

Gab

Xpro Elementor Addons <= 1.4.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32163
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE
Researcher

Prissy

YaMaps for WordPress <= 0.6.31 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32172
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
YaMaps for WordPress Plugin
Researcher

Peter Thaleikis

ZoomSounds <= 6.91 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-0839
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher

István Márton

Easy Google Maps <= 1.11.17 – Authenticated (Author+) XML Entity Injection

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2025-32138
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Easy Google Maps
Researcher

minhtuanact

AB Google Map Travel <= 4.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31613
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
AB Google Map Travel (AB-MAP)
Researcher

SOPROBRO

Access Areas <= 1.5.19 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30913
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
WordPress Access Areas
Researcher

0xd4rk5id3

Advanced Search by My Solr Server <= 2.0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3099
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Advanced Search by My Solr Server
Researcher

johska

AI Search Bar <= 1.3 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31563
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
AI Search Bar
Researcher

stealthcopter

Auto scroll for reading <= 1.1.4 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31594
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Auto scroll for reading
Researcher

SOPROBRO

Awesome Event Booking <= 2.8.4 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31416
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Awesome Event Booking
Researcher

0xd4rk5id3

Awesome Logos <= 1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31899
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Awesome Logos
Researcher

Le Ngoc Anh

Blubrry PowerPress Podcasting plugin MultiSite add-on <= 0.1.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31436
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Blubrry PowerPress Podcasting plugin MultiSite add-on
Researcher

johska

Bulk NoIndex & NoFollow Toolkit <= 2.16 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31537
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Bulk NoIndex & NoFollow Toolkit
Researcher

Dimas Maulana

CF7 Spreadsheets <= 2.3.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31536
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
CF7 Spreadsheets
Researcher

Trương Hữu Phúc (truonghuuphuc)

CGM Event Calendar <= 0.8.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31462
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
CGM Event Calendar
Researcher

johska

Delete Post Revision <= 1.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31454
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Delete Post Revision
Researcher

Skalucy

Digihood HTML Sitemap <= 3.1.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31901
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Digihood HTML Sitemap
Researcher

João Pedro Soares de Alcântara

Easy Contact <= 0.1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30970
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Easy Contact
Researcher

Phat RiO – BlueRock

Ebook Downloader <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31904
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Ebook Downloader
Researcher

SOPROBRO

Enable Media Replace <= 4.1.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31081
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Enable Media Replace
Researcher

João Pedro Soares de Alcântara

ez Form Calculator – WordPress plugin <= 2.14.1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-22282
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
ez-form-calculator-premium
Researcher

Bonds

Flickr Photostream <= 3.1.8 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31467
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Flickr Photostream
Researcher

Skalucy

Fonts Manager | Custom Fonts <= 1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31578
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Fonts Manager | Custom Fonts
Researcher

Abdi Pranata

Frizzly <= 1.1.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30554
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Frizzly – Social Share Buttons
Researcher

0xd4rk5id3

Gift Certificate Creator <= 1.1.0 – Reflected Cross-Site Scripting via receip_address Parameter

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-2483
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Gift Certificate Creator
Researcher

johska

Gravel <= 1.6 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31418
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Gravel
Researcher

Kévin Mosbahi (Mika)

Integration of Zoho CRM and Contact Form 7 <= 1.0.6 – Open Redirect

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31821
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Integration of Zoho CRM and Contact Form 7
Researcher

Le Ngoc Anh

JSON Structuring Markup <= 0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31908
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
JSON Structuring Markup
Researcher

Abdi Pranata

Latest Custom Post Type Updates <= 1.3.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30616
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Latest Custom Post Type Updates
Researcher

Nguyen Xuan Chien

Leadfox for WordPress <= 2.1.8 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31585
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Leadfox for WordPress
Researcher

Abdi Pranata

LeadLab by wiredminds <= 1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31568
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
LeadLab by wiredminds
Researcher

Abdi Pranata

Lexicata <= 1.0.16 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31900
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Lexicata
Researcher

SOPROBRO

Libro de Reclamaciones y Quejas <= 0.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32113
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Libro de Reclamaciones y Quejas
Researcher

SOPROBRO

Limit Max IPs Per User <= 1.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31455
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Limit Max IPs Per User
Researcher

johska

LuckyWP Table of Contents <= 2.1.10 – Cross-Site Request Forgery to Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-2299
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
LuckyWP Table of Contents
Researcher

mikemyers

MediaView <= 1.1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31898
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
MediaView
Researcher

Kévin Mosbahi (Mika)

Multiple Themify Themes <= Various Versions – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31013
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
shopo
slide
Folo
rezo
sidepane
newsy
edmin
photobox
Researcher

Tran Nguyen Bao Khanh

NanoSupport <= 0.6.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31461
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
NanoSupport — Support Ticketing & Knowledgebase for WordPress
Researcher

0xd4rk5id3

Oracle Cards Lite <= 1.2.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30852
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Oracle Cards Lite
Researcher

João Pedro Soares de Alcântara

Pages Order <= 1.1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31445
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Pages Order
Researcher

Skalucy

PeproDev CF7 Database <= 2.0.0 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31573
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
PeproDev CF7 Database
Researcher

Abdi Pranata

Plugin Oficial – Getnet para WooCommerce <= 1.7.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30906
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Plugin Oficial – Getnet para WooCommerce
Researcher

João Pedro Soares de Alcântara

Product Table by WBW <= 2.1.4 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31086
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Product Table by WBW
Researcher

Trương Hữu Phúc (truonghuuphuc)

Related Posts Widget with Thumbnails <= 1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31570
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Related Posts Widget with Thumbnails
Researcher

Abdi Pranata

Rich Text Editor <= 1.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31623
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Rich Text Editor
Researcher

SOPROBRO

Rio Video Gallery <= 2.3.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31566
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Rio Video Gallery
Researcher

Abdi Pranata

Search engine keywords highlighter <= 0.1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31442
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Search engine keywords highlighter
Researcher

johska

Secure Copy Content Protection and Content Locking <= 4.4.3 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30905
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Secure Copy Content Protection and Content Locking
Researcher

astra.r3verii

SEO Tools <= 4.0.7 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30984
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
SEO Tools
Researcher

João Pedro Soares de Alcântara

Sequel <= 1.0.11 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31389
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
sequel
Researcher

luc

Sidebar Manager Light <= 1.1.8 – Cross-Site Request Forgery

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32112
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Sidebar Manager Light
Researcher

SOPROBRO

SimplyRETS Real Estate IDX <= 3.0.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31011
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SimplyRETS Real Estate IDX
Researcher

Psai

Small Package Quotes – Worldwide Express Edition <= 5.2.18 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31078
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Small Package Quotes – Worldwide Express Edition
Researcher

Trương Hữu Phúc (truonghuuphuc)

Snow Storm <= 1.4.6 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30858
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Snow Storm
Researcher

Skalucy

Social Share And Social Locker <= 1.4.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31902
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Social Share And Social Locker – ARSocial
Researcher

João Pedro Soares de Alcântara

Support Helpdesk Ticket System Lite <= 4.5.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31626
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Support Helpdesk Ticket System Lite
Researcher

thiennv

Team Builder <= 1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31907
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Team Builder – Meet the Team
Researcher

Abdi Pranata

Team Rosters <= 4.7 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31905
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Team Rosters
Researcher

0xd4rk5id3

The Logo Slider <= 1.0.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31571
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
The Logo Slider
Researcher

Abdi Pranata

Tiger <= 2.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31027
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Tiger
Researcher

Kévin Mosbahi (Mika)

Ultimate Push Notifications <= 1.1.8 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31548
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & Many More
Researcher

Trương Hữu Phúc (truonghuuphuc)

Varnish WordPress <= 1.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31616
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Varnish WordPress
Researcher

SOPROBRO

VForm <= 3.1.9 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30778
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Researcher

astra.r3verii

Video Url <= 1.0.0.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3098
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Video Url
Researcher

johska

Videos <= 1.0.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31384
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Videos
Researcher

0xd4rk5id3

Watu Quiz <= 3.4.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30844
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Watu Quiz
Researcher

Trương Hữu Phúc (truonghuuphuc)

Web Directory Free <= 1.7.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30908
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Web Directory Free
Researcher

Tran Nguyen Bao Khanh

WordPress Galleria <= 1.4 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31441
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Galleria
Researcher

johska

WP Bookmarks <= 1.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31431
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Bookmarks
Researcher

johska

WP Cleaner <= 1.1.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31446
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Cleaner
Researcher

Skalucy

WP Copy Media URL <= 2.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31583
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WP Copy Media URL
Researcher

Abdi Pranata

WP Profitshare <= 1.4.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31906
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Profitshare
Researcher

0xd4rk5id3

wp Time Machine <= 3.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3097
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
wp Time Machine
Researcher

johska

WP_Identicon <= 2.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31468
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
WP_Identicon
Researcher

johska

Wptobe-signinup <= 1.1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30611
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Wptobe-signinup
Researcher

0xd4rk5id3

xili-language <= 2.21.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31085
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
xili-language
Researcher

Nguyen Xuan Chien

XV Random Quotes <= 1.37 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31903
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
XV Random Quotes
Researcher

Le Ngoc Anh

Cache control by Cacholong <= 5.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-31764
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Cache control by Cacholong
Researcher

Nabil Irawan

Groundhogg <= 3.7.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-1267
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
Researcher

Cristian Bejan (cbejan)

Smartarget Popup <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-31853
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Smartarget Popup
Researcher

Nguyen Khanh Hao

Split Test For Elementor <= 1.8.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-32135
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Split Test For Elementor
Researcher

Webula

Webling <= 3.9.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-31806
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Webling
Researcher

Nabil Irawan

WP Optin Wheel <= 1.4.7 – Authenticated (Admin+) Server-Side Request Forgery

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-31824
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce
Researcher

Marek Mikita

Woffice Core <= 5.4.21 – Cross-Site Request Forgery to User Registration Approval

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-2797
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Woffice Core
Researcher

Foxyyy

WP Clone any post type <= 3.5 – Open Redirect

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-31871
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Clone any post type
Researcher

Abdi Pranata

1 Click WordPress Migration <= 2.2 – Unauthenticated Information Disclosure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32257
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
1 Click WordPress Migration Plugin – 100% FREE for a limited time
Researcher

Abdi Pranata

1-Click Backup & Restore Database <= 1.0.3 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32246
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
1-Click Backup & Restore Database
Researcher

chuck

ACF City Selector <= 1.16.0 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31832
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ACF City Selector
Researcher

Abdi Pranata

Agency Toolkit <= 1.0.24 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31863
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Agency Toolkit
Researcher

Kévin Mosbahi (Mika)

AIO Performance Profiler, Monitor, Optimize, Compress & Debug <= 1.2 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31788
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
AIO Performance Profiler, Monitor, Optimize, Compress & Debug
Researcher

Kévin Mosbahi (Mika)

Apptivo Business Site CRM <= 5.3 – Missing Authorization to Arbitrary Content Deletion

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31909
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Apptivo Business Site CRM
Researcher

Kévin Mosbahi (Mika)

Astra Security Suite <= 0.2 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31774
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Astra Security Suite – Firewall & Malware Scan
Researcher

Dhabaleshwar Das

Clockinator Lite <= 1.0.7 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31777
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Clockinator Lite
Researcher

Kévin Mosbahi (Mika)

Connector to CiviCRM with CiviMcRestFace <= 1.0.9 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31618
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Connector to CiviCRM with CiviMcRestFace
Researcher

Kévin Mosbahi (Mika)

Course Booking System <= 6.0.7 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32253
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Course Booking System
Researcher

LVT-tholv2k

DethemeKit For Elementor <= 2.1.10 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32260
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
DethemeKit for Elementor
Researcher

Kévin Mosbahi (Mika)

GDPR Cookie Notice <= 1.2.0 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31765
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
GDPR Cookie Notice
Researcher

Kévin Mosbahi (Mika)

Gift Cards for WooCommerce <= 1.5.8 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31781
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Gift Cards for WooCommerce
Researcher

Kévin Mosbahi (Mika)

GTM Kit <= 2.4.0 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31001
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
GTM Kit – Google Tag Manager & GA4 integration
Researcher

Psai

Jetpack Feedback Exporter <= 1.23 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32251
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Jetpack Feedback Exporter
Researcher

Kévin Mosbahi (Mika)

Job Board Manager <= 2.1.60 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31862
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Job Board Manager
Researcher

LVT-tholv2k

JobBoard Job listing <= 1.2.7 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31834
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
JobBoard Job listing plugin
Researcher

Tran Hoang Tuan Kiet

JS Job Manager <= 2.0.2 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31868
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
JS Job Manager
Researcher

LVT-tholv2k

Local Magic <= 2.6.0 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31858
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Local Magic
Researcher

LVT-tholv2k

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 – Missing Authorization to Unauthenticated Table Rates Deletion

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2789
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy
Researcher

Brian Sans-Souci (liardom)

Ni WooCommerce Product Enquiry <= 4.1.8 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31580
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Ni WooCommerce Product Enquiry
Researcher

Kévin Mosbahi (Mika)

Payday <= 3.3.12 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31876
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
Payday
Researcher

Kévin Mosbahi (Mika)

Question Answer <= 1.2.70 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31810
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Question Answer
Researcher

LVT-tholv2k

Residential Address Detection <= 2.5.4 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-30916
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
Residential Address Detection
Researcher

Kévin Mosbahi (Mika)

Review Manager <= 2.2.0 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31836
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Review Manager
Researcher

LVT-tholv2k

Rich Text Editor <= 1.0.1 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31736
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Rich Text Editor
Researcher

thiennv

Salesmate Add-On for Gravity Forms <= 2.0.3 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31533
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Salesmate Add-On for Gravity Forms
Researcher

Trương Hữu Phúc (truonghuuphuc)

Ship Per Product <= 2.1.0 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31773
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Ship Per Product
Researcher

Kévin Mosbahi (Mika)

ShipDepot for WooCommerce <= 1.2.19 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31866
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
ShipDepot for WooCommerce
Researcher

Kévin Mosbahi (Mika)

Shopify to WooCommerce Migration <= 1.3.0 – Missing Authorization to Unauthenticated Settings Update

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31795
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
SWM – Shopify to WooCommerce Migration
Researcher

Kévin Mosbahi (Mika)

Simple Icons <= 2.8.4 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31786
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Popular Brand Icons – Simple Icons
Researcher

Trương Hữu Phúc (truonghuuphuc)

Simple Website Logo <= 1.1 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32258
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Simple Website Logo
Researcher

Kévin Mosbahi (Mika)

Simple:Press <= 6.10.11 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31386
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Simple:Press Forum
Researcher

20kilograma

Sliced Invoices <= 3.9.4 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31628
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Sliced Invoices – WordPress Invoice Plugin
Researcher

Manab Jyoti Dowarah

Small Package Quotes – Worldwide Express Edition <= 5.2.19 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-30915
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Small Package Quotes – Worldwide Express Edition
Researcher

Kévin Mosbahi (Mika)

Srbtranslatin <= 3.2.0 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31421
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SrbTransLatin – Serbian Latinisation
Researcher

Nguyễn Trung Kiên

StaffList <= 3.2.6 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32255
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
StaffList
Researcher

Nguyễn Trung Kiên

SurveyJS <= 1.12.20 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32256
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Researcher

Kévin Mosbahi (Mika)

TailPress <= 0.4.4 – Unauthenticated Sensitive Information Exposure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31558
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
TailPress – Tailwind for WordPress
Researcher

Nguyễn Trung Kiên

Viral Loops WP Integration <= 3.4.0 – Unauthenticated Sensitive Information Disclosure

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31842
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Viral Loops WP Integration
Researcher

Abdi Pranata

Vitepos <= 3.1.4 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-22277
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Vitepos – Point of sale (POS) plugin for WooCommerce
Researcher

Phat RiO – BlueRock

Widget Manager Light <= 1.18 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31768
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Widget Manager Light
Researcher

Skalucy

WooTumblog <= 2.1.4 – Missing Authorization to Unauthenticated Content Injection

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31729
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
WooTumblog
Researcher

Kévin Mosbahi (Mika)

WordPress Adverts Plugin <= 1.4 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31848
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Adverts Plugin – Adverts Click Tracker
Researcher

Kévin Mosbahi (Mika)

WP AutoKeyword <= 1.0 – Missing Authorization to Arbitrary Content Deletion

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31870
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP AutoKeyword
Researcher

Kévin Mosbahi (Mika)

WP Clone any post type <= 3.5 – Missing Authorization

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31872
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Clone any post type
Researcher

Abdi Pranata

WP Genealogy – Your Family History Website <= 0.1.9 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32252
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
WP Genealogy – Your Family History Website
Researcher

Trương Hữu Phúc (truonghuuphuc)

WP Simple HTML Sitemap <= 3.2 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31822
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Simple HTML Sitemap
Researcher

Kévin Mosbahi (Mika)

WP ULike <= 4.7.9.1 – Missing Authorization to Unauthenticated Content Spoofing

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32259
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
WP ULike – All-in-One Engagement Toolkit
Researcher

Robert DeVore

WP-LESS <= 1.9.3-3 – Unauthenticated Sensitive Information Disclosure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31550
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP-LESS
Researcher(s): Unknown

WPBookit <= 1.0.2 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32254
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
WPBookit
Researcher

Pham Van Tam

Behance Portfolio Manager <= 1.7.4 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32124
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Behance Portfolio Manager
Researcher

Tri Doan

BookingPress <= 1.1.28 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-31910
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Researcher

Phat RiO – BlueRock

Easy Query – WP Query Builder <= 2.0.4 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32120
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Easy Query – WP Query Builder
Researcher

Le Ngoc Anh

Falling things <= 1.08 – Authenticated (Editor+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32203
Patch Status
Patched
Published
Apr 4, 2025

Affected Software
Falling Things
Researcher

astra.r3verii

Front End Users <= 3.2.32 – Authenticated (Admin+) SQL injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-12410
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Front End Users
Researcher

Colin Xu

onOffice for WP-Websites <= 5.7 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32127
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
onOffice for WP-Websites
Researcher

João Pedro Soares de Alcântara

Pay with Contact Form 7 <= 1.0.4 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32126
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Pay with Contact Form 7
Researcher

João Pedro Soares de Alcântara

Silvasoft boekhouden <= 3.0.1 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32125
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Silvasoft boekhouden
Researcher

João Pedro Soares de Alcântara

Split Test For Elementor <= 1.8.3 – Authenticated (Editor+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32204
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Split Test For Elementor
Researcher

Phat RiO – BlueRock

uListing <= 2.1.9 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32122
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Directory Listings WordPress plugin – uListing
Researcher

Phat RiO – BlueRock

Video & Photo Gallery for Ultimate Member <= 1.1.3 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32121
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Video & Photo Gallery for Ultimate Member
Researcher

Phan Trong Quan

ActiveCampaign <= 8.1.16 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32136
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
ActiveCampaign – Forms, Site Tracking, Live Chat
Researcher

b4orvn

Beam me up Scotty – Back to Top Button <= 1.0.23 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31864
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Beam me up Scotty – Back to Top Button
Researcher

Webula

Breaking News WP <= 1.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31750
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Breaking News WP
Researcher

Nabil Irawan

Dima Take Action <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31742
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Dima Take Action
Researcher

Tri Doan

Elfsight Testimonials Slider <= 1.0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31587
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WordPress Testimonials Slider
Researcher

Pham Van Tam

Exit Popup Free <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31591
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Exit Popup Free
Researcher

Pham Van Tam

Flag Icons <= 2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31575
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Flag Icons
Researcher

Caesar Evan Santoso

FunnelCockpit <= 1.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32132
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
FunnelCockpit
Researcher

Nabil Irawan

Media Library Assistant <= 3.24 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31627
Patch Status
Patched
Published
Mar 31, 2025

Affected Software
Media Library Assistant
Researcher

UKO

Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31610
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Notification Bar, Sticky Notification Bar, Sticky Welcome Bar for any theme
Researcher

Pham Van Tam

Piotnet Forms <= 1.0.30 – Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31793
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Piotnet Forms
Researcher

Aiden (Thái An)

Posts Footer Manager <= 2.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32130
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Posts Footer Manager
Researcher

timomangcut

Secure Copy Content Protection and Content Locking <= 4.5.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32133
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Secure Copy Content Protection and Content Locking
Researcher

astra.r3verii

Simple Banner <= 3.0.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-13898
Patch Status
Patched
Published
Apr 3, 2025

Affected Software
Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website
Researcher

Nguyen Khanh Hao

Social Intents <= 1.6.14 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32131
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Social Intents – Live Chat and ChatGPT Chatbots
Researcher

Nabil Irawan

URL Shortify <= 1.10.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32134
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress
Researcher

Malvin Valerian Gultom

User Submitted Posts <= 20241026 – Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-2874
Patch Status
Patched
Published
Apr 2, 2025

Affected Software
User Submitted Posts – Enable Users to Submit Posts from the Front End
Researcher

Quang Bach (maysbachs)

WebinarPress <= 1.33.27 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31883
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Webinar Plugin – WebinarPress
Researcher

Pham Van Tam

Welcome Bar <= 2.0.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32129
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Welcome Bar
Researcher

timomangcut

Welcome Popup <= 1.0.10 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31605
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Welcome Popup
Researcher

Pham Van Tam

WP Modal Popup with Cookie Integration <= 2.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31772
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Modal Popup with Cookie Integration
Researcher

Pham Van Tam

WP Proposals <= 2.3 – Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31837
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WP Proposals
Researcher

SavPhill (Savphill)

6Storage Rentals <= 2.19.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32178
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
6Storage Rentals
Researcher

thiennv

ACME Divi Modules <= 1.3.5 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31540
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
ACME Divi Modules
Researcher

Trương Hữu Phúc (truonghuuphuc)

AdMail – Multilingual Back in-Stock Notifier for WooCommerce <= 1.7.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32234
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
AdMail – Multilingual Back in-Stock Notifier for WooCommerce
Researcher

Kévin Mosbahi (Mika)

Advanced Speed Increaser <= 2.2.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31753
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Advanced Speed Increaser
Researcher

Nguyen Xuan Chien

Advanced WordPress Backgrounds <= 1.12.7 – Authenticated (Contributor+) Content Injection

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32200
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Advanced WordPress Backgrounds
Researcher

Caesar Evan Santoso

AI Content Creator <= 1.2.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32247
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
AI Content Creator – Easy ChatGPT powered article generator
Researcher

Nguyen Xuan Chien

Ai Image Alt Text Generator for WP <= 1.0.8 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32228
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Ai Image Alt Text Generator for WP
Researcher

Peter Thaleikis

Ai Image Alt Text Generator for WP <= 1.0.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32217
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Ai Image Alt Text Generator for WP
Researcher

Peter Thaleikis

Apimo Connector <= 2.6.3.1 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31602
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Apimo Connector
Researcher

Dhabaleshwar Das

Append Content <= 2.1.1 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31780
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Append Content
Researcher

Kévin Mosbahi (Mika)

Appointy Appointment Scheduler <= 4.2.1 – Cross-Site Request Forgery to Settings Change

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31601
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WordPress Appointment Booking and Online Scheduling Plugin by Appointy
Researcher

Dhabaleshwar Das

AtomChat <= 1.1.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31831
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Group Chat & Video Chat by AtomChat
Researcher

Skalucy

Auto Post After Image Upload <= 1.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31611
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Auto Post After Image Upload
Researcher

Kévin Mosbahi (Mika)

Automatic Featured Images from Videos <= 1.2.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31820
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Automatic Featured Images from Videos
Researcher

Marek Mikita

Barcode Generator for WooCommerce <= 2.0.4 – Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31879
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages
Researcher

Kévin Mosbahi (Mika)

Bookingor <= 1.0.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32231
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
WordPress Booking plugin for Appointment Calendar and Woocommcerce Booking – Bookingor
Researcher

Pham Van Tam

Breaking News WP <= 1.3 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31751
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Breaking News WP
Researcher

Nguyen Xuan Chien

Bulk Fields Editor <= 1.8.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31752
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Bulk Fields Editor
Researcher

João Pedro Soares de Alcântara

Bulk Product Sync <= 8.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31852
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™
Researcher

Kévin Mosbahi (Mika)

Cache control by Cacholong <= 5.4.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31763
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Cache control by Cacholong
Researcher

Nguyen Xuan Chien

CF7 Spreadsheets <= 2.3.2 – Missing Authorization to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31603
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
CF7 Spreadsheets
Researcher

Kévin Mosbahi (Mika)

Chat by Chatwee <= 2.1.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31596
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Chat by Chatwee
Researcher

Kévin Mosbahi (Mika)

Clearbit Reveal <= 1.0.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31785
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Clearbit Reveal
Researcher

Nguyen Xuan Chien

Clients <= 1.1.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31746
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Clients
Researcher

Kévin Mosbahi (Mika)

ContentMX Content Publisher <= 1.0.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31555
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
ContentMX Content Publisher
Researcher

Trương Hữu Phúc (truonghuuphuc)

Cryptocurrency Widgets Pack <= 2.0.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31539
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Cryptocurrency Widgets Pack
Researcher

Peter Thaleikis

Cue <= 2.4.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31787
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Cue by AudioTheme.com
Researcher

Aiden (Thái An)

Display product variations dropdown on shop page <= 1.1.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32226
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Display product variations dropdown on shop page
Researcher

Nabil Irawan

DN Footer Contacts <= 1.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31839
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Footer Contacts Bar
Researcher

Khang Duong

Easy WP Optimizer <= 1.1.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32147
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Easy WP Optimizer – Optimize DB & WordPress
Researcher

thiennv

Easy!Appointments <= 1.4.2 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31828
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Easy!Appointments
Researcher

Nguyen Xuan Chien

eaSYNC <= 1.3.19 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32219
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking
Researcher

Kévin Mosbahi (Mika)

ELEX WooCommerce Request a Quote <= 2.3.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31406
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
ELEX WooCommerce Request a Quote
Researcher

Peter Thaleikis

Elfsight Testimonials Slider <= 1.0.1 – Cross-Site Request Forgery to Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31588
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WordPress Testimonials Slider
Researcher

Pham Van Tam

Elfsight Testimonials Slider <= 1.0.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31584
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
WordPress Testimonials Slider
Researcher

Pham Van Tam

Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more <= 1.4.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31784
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more
Researcher

Nguyen Xuan Chien

Export All Post Meta <= 1.2.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31856
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Export All Post Meta
Researcher

Tran Hoang Tuan Kiet

Feedbucket – Website Feedback Tool <= 1.0.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31859
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Feedbucket – Website Feedback Tool
Researcher

Nguyen Xuan Chien

FPW Category Thumbnails <= 1.9.5 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31841
Patch Status
Unpatched
Published
Apr 3, 2025

Affected Software
FPW Category Thumbnails
Researcher

Nguyen Xuan Chien

Free Woocommerce Product Table View <= 1.78 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31757
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Free Woocommerce Product Table View – Woo Table Pro
Researcher

Kévin Mosbahi (Mika)

Free Woocommerce Product Table View <= 1.78 – Missing Authorization to Arbitrary Content Deletion

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31758
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Free Woocommerce Product Table View – Woo Table Pro
Researcher

Kévin Mosbahi (Mika)

GB Gallery Slideshow <= 1.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31732
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
GB Gallery Slideshow
Researcher

Kévin Mosbahi (Mika)

GetBookingsWP <= 1.1.27 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31896
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
GetBookingsWP – Appointments Booking Calendar Plugin For WordPress
Researcher

LVT-tholv2k

Google SEO Pressor Snippet <= 2.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31775
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Google SEO Pressor for Rich snippets
Researcher

Nguyen Xuan Chien

Google SEO Pressor Snippet <= 2.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31530
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Google SEO Pressor for Rich snippets
Researcher

Nguyen Xuan Chien

JobBoard Job listing <= 1.2.7 – Authenticated (Employer+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31833
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
JobBoard Job listing plugin
Researcher

Tran Hoang Tuan Kiet

JS Job Manager <= 2.0.2 – Authenticated Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31867
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
JS Job Manager
Researcher

Tran Hoang Tuan Kiet

Labinator Content Types Duplicator <= 1.1.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31809
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Labinator Content Types Duplicator
Researcher

astra.r3verii

Lafka Plugin <= 7.1.0 – Missing Authorization to Authenticated (Subscriber+) Theme Option Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-1233
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Lafka Plugin
Researcher

István Márton

m1.DownloadList <= 0.21 – Authenticated (Contributor+) Sensitive Information Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32164
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
m1.DownloadList
Researcher

muhammad yudha

MasterStudy LMS <= 3.5.25 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32237
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher

Kévin Mosbahi (Mika)

mb.YTPlayer <= 3.3.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31782
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
mb.YTPlayer for background videos
Researcher

Trương Hữu Phúc (truonghuuphuc)

Minimalistic Event Manager <= 1.1.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31739
Patch Status
Unpatched
Published
Apr 2, 2025

Affected Software
Minimalistic Event Manager
Researcher

Kévin Mosbahi (Mika)

Mobile App Canvas <= 3.8.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31816
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Mobile App Canvas – Convert your Website Into an App for iOS and Android
Researcher

Abdi Pranata

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.9.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32235
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Researcher

Trương Hữu Phúc (truonghuuphuc)

Multi Days Events and Multi Events in One Day Calendar <= 1.1.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31572
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Multi Days Events and Multi Events in One Day Calendar
Researcher

Pham Van Tam

MyBookProgress by Stormhill Media <= 1.0.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31887
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
MyBookProgress by Stormhill Media
Researcher

Kévin Mosbahi (Mika)

NanoSupport <= 0.6.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31376
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
NanoSupport — Support Ticketing & Knowledgebase for WordPress
Researcher

Kévin Mosbahi (Mika)

Ni WooCommerce Cost Of Goods <= 3.2.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31826
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Ni WooCommerce Cost Of Goods
Researcher

NAWardRox

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.2 – Authenticated (Subscriber+) Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32238
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher

Joshua Chan

OpenAI Tools for WordPress & WooCommerce <= 2.1.5 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31843
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
OpenAI Tools for WordPress & WooCommerce
Researcher

Kévin Mosbahi (Mika)

OwnerRez <= 1.2.0 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31814
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
OwnerRez
Researcher

Nguyen Xuan Chien

pCloud Backup <= 1.0.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31755
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
pCloud Backup
Researcher

Kévin Mosbahi (Mika)

Pearl <= 1.3.9 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31880
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Header Builder Plugin – Pearl
Researcher

Kévin Mosbahi (Mika)

Pearl <= 1.3.9 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31881
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
WordPress Header Builder Plugin – Pearl
Researcher

Kévin Mosbahi (Mika)

Pin Generator <= 2.0.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31791
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Pin Generator
Researcher

Abdi Pranata

PostmarkApp Email Integrator <= 2.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31617
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
PostmarkApp Email Integrator
Researcher

SOPROBRO

PostmarkApp Email Integrator <= 2.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31576
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
PostmarkApp Email Integrator
Researcher

Kévin Mosbahi (Mika)

Printus <= 1.2.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31830
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
Printus – Automatic Printing Plugin for WooCommerce – Print WooCommerce Orders, PDF Invoices, Packaging Slips & More
Researcher

Nguyen Xuan Chien

Privyr CRM <= 1.0.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32224
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Privyr CRM – Instant Lead Alerts for Contact Forms
Researcher

Trương Hữu Phúc (truonghuuphuc)

Product Notices for WooCommerce <= 1.3.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31807
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Product Notices for WooCommerce
Researcher

Skalucy

Publitio <= 2.1.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31798
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Publitio
Researcher

Nguyen Xuan Chien

Publitio <= 2.1.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31799
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Publitio
Researcher

Trương Hữu Phúc (truonghuuphuc)

Query Wrangler <= 1.5.53 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31779
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Query Wrangler
Researcher

Skalucy

RestroPress <= 3.1.8.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31877
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
RestroPress – Online Food Ordering System
Researcher

Trương Hữu Phúc (truonghuuphuc)

Revive.so – Bulk Rewrite and Republish Blog Posts <= 2.0.3 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32233
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Revive.so – Bulk Rewrite and Republish Blog Posts
Researcher

theviper17y

Rollbar <= 2.7.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32250
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Rollbar
Researcher

SOPROBRO

Safe Ai Malware Protection for WP <= 1.0.20 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31545
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Safe Ai Malware Protection for WP
Researcher

Peter Thaleikis

Salon booking system <= 10.11 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32220
Patch Status
Unpatched
Published
Apr 4, 2025

Affected Software
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses
Researcher

NAWardRox

SCSS WP Editor <= 1.1.8 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31808
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SCSS WP Editor
Researcher

Nguyen Xuan Chien

Shiptimize for WooCommerce <= 3.1.86 – Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31802
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Shiptimize for WooCommerce
Researcher

Kévin Mosbahi (Mika)

ShortPixel Adaptive Images <= 3.10.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30853
Patch Status
Patched
Published
Apr 1, 2025

Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Researcher

Peter Thaleikis

Simple Contact Forms <= 1.6.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31615
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Simple Contact Forms
Researcher

SOPROBRO

Simple Fixed Notice <= 1.6 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31840
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Simple Fixed Notice
Researcher

Khang Duong

Simple Sticky Add To Cart For WooCommerce <= 1.4.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31854
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
Simple Sticky Add To Cart For WooCommerce
Researcher

theviper17y

Slider Path for Elementor <= 3.0.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31529
Patch Status
Unpatched
Published
Mar 31, 2025

Affected Software
Slider Path for Elementor
Researcher

Nguyễn Trung Kiên

SMS Abandoned Cart Recovery ✦ CartBoss <= 4.1.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31865
Patch Status
Unpatched
Published
Apr 1, 2025

Affected Software
SMS Abandoned Cart Recovery ✦ CartBoss
Researcher

Nguyen Xuan Chien

Social proof testimonials and reviews by Repuso <= 5.21 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31886
Patch Status: Patched
Published: Apr 1, 2025
Affected Software: Social proof testimonials and reviews by Repuso
Researcher: Peter Thaleikis

Social Share Buttons & Analytics Plugin – GetSocial.io <= 4.5 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32239
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: Social Share Buttons & Analytics Plugin – GetSocial.io
Researcher: Abdi Pranata

StaffList <= 3.2.6 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32232
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: StaffList
Researcher: Nguyễn Trung Kiên

StaticPress <= 0.4.5 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31528
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: StaticPress
Researcher: Nguyen Xuan Chien

SwiftXR (3D/AR/VR) Viewer <= 1.0.7 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32248
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: SwiftXR (3D/AR/VR) Viewer
Researcher: Affan Ali

Swiss Toolkit For WP <= 1.3.0 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31546
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: Swiss Toolkit For WP
Researcher: Peter Thaleikis

Swiss Toolkit For WP <= 1.3.0 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31544
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: Swiss Toolkit For WP
Researcher: Peter Thaleikis

TableOn – WordPress Posts Table Filterable <= 1.0.4 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32218
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: TableOn – WordPress Posts Table Filterable
Researcher: Abdi Pranata

Theater for WordPress <= 0.18.7 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31846
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: Theater for WordPress
Researcher: theviper17y

Theme Duplicator <= 1.1 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31845
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: Theme Duplicator
Researcher: Abdi Pranata

TuriTop Booking System <= 1.0.10 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31541
Patch Status: Unpatched
Published: Apr 3, 2025
Affected Software: TuriTop Booking System
Researcher: Trương Hữu Phúc (truonghuuphuc)

TZ PlusGallery <= 1.5.5 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31756
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: TZ Plus Gallery
Researcher: Nabil Irawan

UPC/EAN/GTIN Code Generator <= 2.0.2 – Missing Authorization to Authenticated (Subscriber+) Settings Update
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31878
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: UPC/EAN/GTIN Code Generator
Researcher: Kévin Mosbahi (Mika)

Uptime Robot Plugin for WordPress <= 2.3 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31776
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: Uptime Robot Plugin for WordPress
Researcher: Nguyen Xuan Chien

Useinfluence <= 1.0.8 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31625
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: Useinfluence
Researcher: SOPROBRO

Variable Inspector <= 2.6.3 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32229
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: Variable Inspector
Researcher: Trương Hữu Phúc (truonghuuphuc)

WebinarPress <= 1.33.27 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31882
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: WordPress Webinar Plugin – WebinarPress
Researcher: Peter Thaleikis

Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products Vagonic <= 1.9 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32236
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering
Researcher: Kévin Mosbahi (Mika)

wordpress related Posts with thumbnails <= 3.0.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31569
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: wordpress related Posts with thumbnails
Researcher: Abdi Pranata

WP Church Donation <= 1.7 – Cross-Site Request Forgery
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31410
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: WP Church Donation
Researcher: johska

WP Event Manager <= 3.1.48 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32225
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Researcher: Trương Hữu Phúc (truonghuuphuc)

WP Mobile Bottom Menu <= 1.2.9 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31525
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: WP Mobile Bottom Menu
Researcher: Peter Thaleikis

WP Video Playlist <= 1.1.2 – Missing Authorization to Unauthenticated Settings Update
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31581
Patch Status: Unpatched
Published: Apr 2, 2025
Affected Software: WP Video Playlist
Researcher: Trương Hữu Phúc (truonghuuphuc)

WPCargo Track & Trace <= 7.0.6 – Authenticated (Contributor+) Insecure Direct Object Reference
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31609
Patch Status: Unpatched
Published: Mar 31, 2025
Affected Software: WPCargo Track & Trace
Researcher: hunter85

WR Price List Manager For Woocommerce <= 1.0.8 – Missing Authorization to Arbitrary Content Deletion
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31794
Patch Status: Unpatched
Published: Apr 2, 2025
Affected Software: WR Price List Manager For Woocommerce
Researcher: Kévin Mosbahi (Mika)

Xpro Theme Builder <= 1.2.8.4 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-32201
Patch Status: Unpatched
Published: Apr 4, 2025
Affected Software: Xpro Theme Builder For Elementor – FREE
Researcher: Prissy

YayExtra <= 1.5.2 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31415
Patch Status: Patched
Published: Mar 31, 2025
Affected Software: YayExtra – WooCommerce Extra Product Options
Researcher: theviper17y

Zoho Flow <= 2.13.3 – Missing Authorization
CVSS Rating: Medium (4.3)
CVE-ID: CVE-2025-31408
Patch Status: Unpatched
Published: Apr 1, 2025
Affected Software: Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation
Researcher: Peter Thaleikis

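Nearly every Medium-severity entry above is a Missing Authorization or Cross-Site Request Forgery finding, usually in a plugin's settings or AJAX handler, and several titles spell out the consequence (Subscriber+ or unauthenticated settings update, arbitrary content deletion). As an added illustration, not code from Wordfence or from any plugin in this report, here is the handler pattern behind both classes next to a hardened version. The plugin prefix, option name, AJAX action and nonce action (`example_plugin_*`) are invented for the example; the WordPress functions used are real core APIs.

```php
<?php
// Added example of the handler pattern behind "Missing Authorization" and
// "Cross-Site Request Forgery" plugin findings. Not taken from any plugin in
// this report; the example_plugin_* names are hypothetical.

// --- Vulnerable pattern -------------------------------------------------
// Typically registered like this in an affected plugin:
//   add_action( 'wp_ajax_example_plugin_save',        'example_plugin_save_vulnerable' );
//   add_action( 'wp_ajax_nopriv_example_plugin_save', 'example_plugin_save_vulnerable' );
// wp_ajax_* is reachable by any logged-in user (Subscriber+); adding
// wp_ajax_nopriv_* (or hooking admin_init/init) makes it reachable by
// anonymous visitors as well.
function example_plugin_save_vulnerable() {
    // No current_user_can() check  -> Missing Authorization
    // No nonce verification        -> Cross-Site Request Forgery
    // Raw, unsanitized input stored -> Stored XSS if later echoed unescaped
    if ( isset( $_POST['example_plugin_settings'] ) ) {
        update_option( 'example_plugin_settings', $_POST['example_plugin_settings'] );
    }
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------
function example_plugin_save_hardened() {
    // 1. Authorization: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: the request must carry a nonce minted for this exact action.
    //    Third argument false returns instead of die(), so we control the reply.
    if ( ! check_ajax_referer( 'example_plugin_save', 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }

    // 3. Input handling: unslash, then sanitize field by field; never store
    //    the raw array. Escape again on output (esc_html/esc_attr).
    $raw = isset( $_POST['example_plugin_settings'] ) && is_array( $_POST['example_plugin_settings'] )
        ? wp_unslash( $_POST['example_plugin_settings'] )
        : array();

    $settings = array(
        'title'   => sanitize_text_field( $raw['title'] ?? '' ),
        'enabled' => ! empty( $raw['enabled'] ),
    );

    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_example_plugin_save', 'example_plugin_save_hardened' );
// Deliberately no wp_ajax_nopriv_ registration: anonymous users never need
// to change settings.

// The matching nonce is minted where the form or script is emitted:
//   wp_nonce_field( 'example_plugin_save', 'nonce' );                 // HTML form
//   wp_localize_script( 'example-plugin', 'examplePlugin',
//       array( 'nonce' => wp_create_nonce( 'example_plugin_save' ) ) ); // JS/AJAX
```

The two checks are independent and both are needed: a nonce proves the request originated from a page the site itself served to the current user, which stops CSRF but says nothing about whether that user is allowed to perform the action, so a handler with `check_ajax_referer()` and no `current_user_can()` is exactly the "Missing Authorization to Authenticated (Subscriber+) Settings Update" class listed above. Conversely, a capability check without a nonce still lets an attacker ride a logged-in administrator's browser, which is the plain "Cross-Site Request Forgery" class. For the Insecure Direct Object Reference entry the same principle applies one level down: after the capability check, confirm the current user actually owns or may edit the specific object ID submitted rather than trusting the ID alone.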

As a reminder, Wordfence maintains an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated and maintained by Wordfence's experienced vulnerability researchers through in-house research, submissions from researchers via our Bug Bounty Program, and monitoring of public sources to capture all publicly available WordPress vulnerability information, adding context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (March 31, 2025 to April 6, 2025) appeared first on Wordfence.