Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)


📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  


Last week, 340 vulnerabilities disclosed in 303 WordPress plugins and 8 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 67 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone in the WordPress community, so that individuals and organizations alike can use that data to implement layered security, in line with our overarching mission to secure WordPress with defense-in-depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 25,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 79
Unpatched 261

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 3
Medium Severity 264
High Severity 49
Critical Severity 24

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 121
Cross-Site Request Forgery (CSRF) 86
Missing Authorization 32
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 25
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 21
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 9
Deserialization of Untrusted Data 7
Exposure of Sensitive Information to an Unauthorized Actor 7
Unrestricted Upload of File with Dangerous Type 7
Server-Side Request Forgery (SSRF) 6
Authorization Bypass Through User-Controlled Key 3
Improper Control of Generation of Code (‘Code Injection’) 3
URL Redirection to Untrusted Site (‘Open Redirect’) 3
External Control of File Name or Path 2
Improper Authorization 2
Improper Privilege Management 2
Authentication Bypass Using an Alternate Path or Channel 1
Dependency on Vulnerable Third-Party Component 1
Improper Input Validation 1
Incorrect Comparison 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
LVT-tholv2k 31
johska 28
João Pedro Soares de Alcântara 26
0xd4rk5id3 26
Abdi Pranata 16
Le Ngoc Anh 12
SOPROBRO 12
Nabil Irawan 10
stealthcopter 10
Dimas Maulana 9
Nguyen Xuan Chien 9
Kévin Mosbahi (Mika) 9
theviper17y 8
Skalucy 8
Avraham Shemesh 8
Trương Hữu Phúc (truonghuuphuc) 8
thiennv 6
Peter Thaleikis 6
Rafie Muhammad 5
Phan Trong Quan 5
zaim 5
astra.r3verii 5
mikemyers 5
muhammad yudha 5
Tran Nguyen Bao Khanh 4
Jon Cagan 4
VigilAInce Seeker 4
kr0d 4
Phúc ton luoi 4
Ananda Dhakal 3
Dhabaleshwar Das 3
Gab 2
timomangcut 2
NAWardRox 2
siavashvafshar 2
Fariq Fadillah Gusti Insani (fariqfgi) 2
Nguyễn Trung Kiên 2
wesley (wcraft) 2
Whit Taylor 2
István Márton 1
kuaile 1
Pierre Rudloff 1
Vo Thi Ngoc Nhi 1
Abhinav Porwal 1
Parasimpaticki 1
Cheng Liu 1
Marek Mikita 1
hunter85 1
Michelle Porter 1
ayato 1
Bonds 1
Webbernaut 1
20kilograma 1
Gabriele Zuddas 1
zer0gh0st 1
Mohammadamin Alidoost 1
Luciano Hanna 1
khanhhnahk1 1
Khalid Yusuf 1
Ala Arfaoui 1
Revan Arifio 1
Ivan Kuzymchak 1
Chloe Chamberland 1
Yassine Neggaoui (Y45NG) 1
Brian Sans-Souci (liardom) 1
oncybersec 1
Aiden (Thái An) 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
3DPrint Lite 3dprint-lite
5sterrenspecialist 5-sterrenspecialist
AAWP Obfuscator aawp-obfuscator
ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway
Accept SagePay Payments Using Contact Form 7 accept-sagepay-payments-using-contact-form-7
Accessibility Suite by Ability, Inc online-accessibility
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid accordions
Accredible Certificates & Open Badges accredible-certificates
Activity Reactions For Buddypress activity-reactions-for-buddypress
Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce
Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce
Admin Menu Post List admin-menu-post-list
Advance WP Query Search Filter advance-wp-query-search-filter
Advanced Advertising System advanced-advertising-system
Advanced Contact form 7 DB advanced-cf7-db
Advanced Custom Fields: Link Picker Field acf-link-picker-field
Advanced Tag Lists advanced-tag-list
AF Tell a Friend af-tell-a-friend
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management affiliate-links
Age Gate age-gate
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help seo-help
ALD Login Page ald-login-page
All push notification for WP all-push-notification
Ally – Web Accessibility & Usability pojo-accessibility
Anant Addons for Elementor anant-addons-for-elementor
AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager
Arconix FAQ arconix-faq
Aria Font aria-font
Asgaros Forum asgaros-forum
AT Internet SmartTag at-internet
Automatic Ban IP automatic-ban-ip
AWSA Shipping – Advanced Shipping for Woocommerce and Dokan awsa-shipping
azurecurve Shortcodes in Comments azurecurve-shortcodes-in-comments
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment booking-and-rental-manager-for-woocommerce
BP Social Connect bp-social-connect
Brizy Pro brizy-pro
Broadstreet broadstreet
Buddypress Humanity buddypress-humanity
Build App Online build-app-online
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™ sync-wc-google
C9 Blocks c9-blocks
Canonical Attachments canonical-attachments
CardGate Payments for WooCommerce cardgate
Cart66 Cloud :: WordPress Ecommerce The Easy Way cart66-cloud
CG Scroll To Top cg-scroll-to-top
Chat2 chat2
ChillPay WooCommerce chillpay-payment-gateway
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer clearfy
Click & Pledge Connect Plugin click-pledge-connect
Clinked Client Portal clinked-client-portal
CM Registration – Tailored tool for seamless login and invitation-based registrations cm-invitation-codes
Codescar Radio Widget codescar-radio-widget
Coming Soon Countdown coming-soon-countdown
Coming Soon, Maintenance Mode & Under Construction Page Builder by Site Mode site-mode
Comment Validation Reloaded comment-validation-reloaded
Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface
Cool Flipbox – Shortcode & Gutenberg Block flip-boxes
coreActivity: Activity Logging for WordPress coreactivity
Cost Calculator Builder cost-calculator-builder
Credova Financial credova-financial
Crowdfunding for WooCommerce crowdfunding-for-woocommerce
Custom Posts Order custom-posts-order
Custom Smilies custom-smilies
Customize Login Page customize-login-page
Czater.pl – live chat i telefon czater
Database Toolset database-toolset
DeBounce Email Validator debounce-io-email-validator
Deliver via Shipos for WooCommerce wc-shipos-delivery
Developer Toolbar developer-toolbar
Doppler Forms doppler-form
DSGVO Youtube dsgvo-youtube
Duplicate Title Checker duplicate-title-checker
Easy custom css by webriti easy-custom-css
Easy Post Duplicator easy-post-duplicator
Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress plugins-on-steroids
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin eazydocs
Embedder embedder
EmpikPlace for Woocommerce empik-for-woocommerce
ePaper Lister for Yumpu magazine-lister-for-yumpu
Epeken All Kurir Plugin for Woocommerce Full Version epeken-all-kurir
Error Log Viewer By WP Guru error-log-viewer-wp
Essential Breadcrumbs essential-breadcrumbs
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin mage-eventpress
EventON – Events Calendar eventon-lite
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress everest-forms
FAT Cooming Soon fat-coming-soon
FireDrum Email Marketing firedrum-email-marketing
Flags Widget flags-widget
Flexi – Guest Submit flexi
Flo Forms – Easy Drag & Drop Form Builder flo-forms
Foliopress WYSIWYG foliopress-wysiwyg
FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce
FrescoChat Live Chat flexytalk-widget
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] fs-poster
GB Gallery Slideshow gb-gallery-slideshow
Global Gallery – WordPress Responsive Gallery global-gallery
GreenPay(tm) by Green.Money green-money-payment-gateway
Hamburger Icon Menu Lite hamburger-icon-menu-lite
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress hive-support
HTML5 Video Player with Playlist html5-video-player-with-playlist
iCal Feeds ical-feeds
IDonate – Blood Donation, Request And Donor Management System idonate
Import any XML, CSV or Excel File to WordPress wp-all-import
IndieBlocks indieblocks
InPost Gallery inpost-gallery
Insert HTML Here insert-html-here
Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
Interactive US Map interactive-us-map
iONE360 configurator ione360-configurator
IP2Location World Clock ip2location-world-clock
JetBlog for Elementor jet-blog
JetCompareWishlist for Elementor jet-compare-wishlist
JetEngine jet-engine
Job Board Manager job-board-manager
JS Job Manager js-jobs
Kargo Entegratör – WooCommerce Kargo Entegrasyon Eklentisi kargo-entegrator
KeyCAPTCHA – Social WordPress CAPTCHA keycaptcha
Language Field language-field
License For Envato license-envato
License Manager for WooCommerce license-manager-for-woocommerce
Linet ERP-Woocommerce Integration Plugin linet-erp-woocommerce-integration
Link Shield link-shield
Listings for Buildium listings-for-buildium
Local google fonts, host google fonts locally by Easyfonts easyfonts
Lock Your Updates Plugins/Themes Manager lock-your-updates
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid logo-showcase-ultimate
Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce
MapGeo – Interactive Geo Maps interactive-geo-maps
MapSVG – Vector maps, Image maps, Google Maps mapsvg-lite-interactive-vector-maps
Material Dashboard material-dashboard
MelaPress Login Security melapress-login-security
MelaPress Login Security Premium melapress-login-security-premium
Melhor Envio melhor-envio-cotacao
Mergado Pack mergado-marketing-pack
MMX – Make Me Christmas mmx-make-me-christmas
Mobile Blocks mobile-pages
Mobile Smart mobile-smart
More Mime Type Filters more-mime-type-filters
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
MSRP (RRP) Pricing for WooCommerce msrp-for-woocommerce
MultiMailer scand-multi-mailer
Multiple Location Google Map multiple-location-google-map
Nav Menu Manager noakes-menu-manager
Nearby Locations nearby-locations
Neon Product Designer neon-product-designer-for-woocommerce
Nepali Date Converter nepali-date-converter
Nepali Date Utilities nepali-date-utilities
NewsBoard Post and RSS Scroller newsboard
Nimbata Call Tracking nimbata-call-tracking
Nino Social Connect nino-social-connect
Oppso Unit Converter oppso-unit-converter
ORDER POST order-post
OttoKit: All-in-One Automation Platform (Formerly SureTriggers) suretriggers
Oxygen MyData for WooCommerce oxygen-mydata
Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams ppv-live-webcams
Payment Forms for Paystack payment-forms-for-paystack
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Piotnet Forms piotnetforms
PlainInventory – Inventory Management Plugin z-inventory-manager
Popping Content Light popping-content-light
PowerPress Podcasting plugin by Blubrry powerpress
Print Science Designer print-science-designer
Processing Projects processing-projects
Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit
QR Master qr-master
Question Answer question-answer
Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics
Raptive Ads adthrive-ads
Ray Enterprise Translation lingotek-translation
Real Estate Manager – Property Listing and Agent Management real-estate-manager
Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider testimonial-free
reCAPTCHA Jetpack recaptcha-jetpack
Related Videos for JW Player related-videos-for-jw-player
RentSyst – CRM solution for fleet management rentsyst
Request Call Back request-call-back
Restrict User Registration restrict-user-registration
RestroPress – Online Food Ordering System restropress
Revamp CRM for WooCommerce revampcrm-woocommerce
REVE Chat – AI-powered Chatbot & Live Chat Plugin for WordPress revechat
Review Stars Count For WooCommerce review-stars-count-for-woocommerce
Review Stream review-stream
Rich Table of Contents rich-table-of-content
Royal Elementor Addons and Templates royal-elementor-addons
RS Elements Elementor Addon rselements-lite
Sandwich Adsense firsth3tagadsense
Scheduled scheduled
Script Compressor script-compressor
Seo Meta Tags seo-meta-tags
SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam
SERPed.net serped-net
Service Booking & Scheduling Solution | All-in-one Booking Systems service-booking-manager
Shipping by Weight for WooCommerce dn-shipping-by-weight
Shop Products Filter trusty-woo-products-filter
Silvasoft boekhouden silvasoft-boekhouden
Simple Post Meta Manager simple-post-meta-manager
Simple Spoiler simple-spoiler
Simple WP Events simple-wp-events
Site Notify site-notify
Site Table of Contents site-table-of-contents
SKT Blocks – Gutenberg based Page Builder skt-blocks
SKT Skill Bar skt-skill-bar
Smart Product Gallery Slider smart-product-gallery-slider
SMTP for Amazon SES – YaySMTP smtp-amazon-ses
Social Bookmarking RELOADED social-bookmarking-reloaded
Social Crowd social-crowd
Solace Extra solace-extra
Spark GF Failed Submissions spark-gf-failed-submissions
Specia Companion specia-companion
Spider Elements – Crafted UX First Addons for Elementor spider-elements
Spoiler Block spoiler-block
Squeeze – Image Optimization & Compression, WebP Conversion squeeze
Stop Registration Spam stop-registration-spam
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers woocommerce-exporter
Survey Maker survey-maker
Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) swatchly
Sync Posts sync-posts
TableOn – WordPress Posts Table Filterable posts-table-filterable
Task Scheduler task-scheduler
Team Circle Image Slider With Lightbox circle-image-slider-with-lightbox
Terminal Africa terminal-africa
Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro
The World the-world
Total processing card payments for WooCommerce totalprocessing-card-payments
Tournamatch tournamatch
Tutor LMS – eLearning and online course solution tutor
Twispay Credit Card Payments twispay
Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor
Ultimate WP Mail ultimate-wp-mail
Ultra Demo Importer ut-demo-importer
Uncanny Toolkit for LearnDash uncanny-learndash-toolkit
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
User Registration Using Contact Form 7 user-registration-using-contact-form-7
User Session Synchronizer user-session-synchronizer
UXsniff AI-powered Heatmaps and Session Recordings ux-sniff
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks
Verowa Connect verowa-connect
Vice Versa vice-versa
Vite Coupon vite-coupon
VKontakte Cross-Post vkontakte-cross-post
Wallet System for WooCommerce wallet-system-for-woocommerce
Waymark waymark
Web2application Convert your website to android and IOS apps with push notifications , web push , free ajax products search for woocommerce and many more advanced features web2application
Wetterwarner wetterwarner
Widgetize Pages Light widgetize-pages-light
Windows Live Writer windows-live-writer
Wishlist wishlist
Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center
WooCommerce Estimate and Quote – Live Product Cost Estimation and Quotation system for WordPress wc-estimate-and-quote
WooCommerce Loyal Customers woocommerce-loyal-customer
WooCommerce Multilingual & Multicurrency with WPML woocommerce-multilingual
WooCommerce Pickupp wc-pickupp
WooCommerce Sales MIS Report woocommerce-mis-report
WooCommerce Sync for QuickBooks Online – by MyWorks myworks-woo-sync-for-quickbooks-online
WooCommerce TBC Credit Card Payment Gateway (Free) woo-tbc-payment-gateway
WooCommerce – Payphone Gateway wc-payphone-gateway
WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar
WordPress Health and Server Condition – Integrated with Google Page Speed wp-condition
WordPress Internal Link Optimiser internal-link-finder
WordPress Mega Menu – QuadMenu quadmenu
WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk
WordPress Spam Blocker | Stop Spam for Contact Form 7, WP Forms and Formidable Forms cf7-manual-spam-blocker
WordPress Webinar Plugin – WebinarPress wp-webinarsystem
Workbox Video from Vimeo & Youtube Plugin workbox-video-from-vimeo-youtube-plugin
WP Abstracts wp-abstracts-manuscripts-manager
WP AutoKeyword wp-autokeyword
WP Calais Auto Tagger calais-auto-tagger
WP Delete User Accounts wp-delete-user-accounts
WP Easy Poll wp-easy-poll-afo
WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd
WP Featured Screenshot wp-featured-screenshot
WP Food ordering and Restaurant Menu wp-food
WP Hide Categories wp-hide-categories
WP Inquiries wp-inquiries
WP Job Board wpjobboard
WP Map Route Planner wp-map-route-planner
WP Online Users Stats wp-online-users-stats
WP Performance Pack wp-performance-pack
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts wedevs-project-manager
WP Remote Thumbnail wp-remote-thumbnail
wp secure wp-secure-by-sitesecuritymonitorcom
WP SexyLightBox wp-sexylightbox
WP Show Stats wp-show-stats
WP Social Stream Designer social-stream-design
WP Subscription Forms – Subscription Form Plugin for WordPress wp-subscription-forms
WP Table Builder – WordPress Table Plugin wp-table-builder
WP User Profiles wp-user-profiles
WP w3all phpBB wp-w3all-phpbb-integration
WP-BusinessDirectory – Business directory plugin for WordPress wp-businessdirectory
WP-Easy Menu wp-easy-menu
WP-Hijri wp-hijri
WP-Planification – WP-Planning wp-planification
WPC Admin Columns wpc-admin-columns
WPFront User Role Editor wpfront-user-role-editor
WPshop 2 – E-Commerce wpshop
WPSmartContracts wp-smart-contracts
WPSolr – Local Search with AI, Hybrid or Keywords – Includes Related Posts Widgets wpsolr-free
WS Audio Player ws-audio-player
YouTube Embed youtube-embed
Z Companion z-companion
Zephyr Project Manager zephyr-project-manager
ZoomSounds – WordPress Wave Audio Player with Playlist dzs-zoomsounds

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Arkhe arkhe
Bulk bulk
customify-theme customify-theme
Industrial Lite industrial-lite
photography photography
SpaBiz spabiz
Streamit streamit
wireless-butler wireless-butler

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Build App Online <= 1.0.23 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32577
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Build App Online
Researcher

LVT-tholv2k

Coming Soon, Maintenance Mode <= 1.1.1 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-26894
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Coming Soon, Maintenance Mode & Under Construction Page Builder by Site Mode
Researcher

Dimas Maulana

EventON <= 2.4 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32614
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
EventON – Events Calendar
Researcher

Dimas Maulana

Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 – Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-3439
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher

kuaile

FAT Cooming Soon <= 1.1 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32663
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
FAT Cooming Soon
Researcher

LVT-tholv2k

Flexi – Guest Submit <= 4.28 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32589
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Flexi – Guest Submit
Researcher

LVT-tholv2k

IDonate <= 2.1.8 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32519
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
IDonate – Blood Donation, Request And Donor Management System
Researcher

Dimas Maulana

InstaWP Connect <= 0.1.0.85 – Unauthenticated Local PHP File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2636
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
InstaWP Connect – 1-click WP Staging & Migration
Researcher

Cheng Liu

JS Job Manager <= 2.0.2 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32627
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
JS Job Manager
Researcher

Trương Hữu Phúc (truonghuuphuc)

Motors <= 1.4.67 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32654
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

LVT-tholv2k

Paid Videochat Turnkey Site <= 7.3.11 – Authentication Bypass

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31380
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Researcher

LVT-tholv2k

Ray Enterprise Translation <= 1.7.0 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31030
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Ray Enterprise Translation
Researcher

astra.r3verii

Real Estate Manager <= 7.3 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32668
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Real Estate Manager – Property Listing and Agent Management
Researcher

LVT-tholv2k

TableOn – WordPress Posts Table Filterable <= 1.0.4 – Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32569
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
TableOn – WordPress Posts Table Filterable 
Researcher

LVT-tholv2k

Testimonial Slider And Showcase Pro <= 2.3.15 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32656
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Testimonial Slider And Showcase Pro
Researcher

LVT-tholv2k

Ultimate Bootstrap Elements for Elementor <= 1.4.9 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32672
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Ultimate Bootstrap Elements for Elementor
Researcher

LVT-tholv2k

WooCommerce Pickupp <= 2.4.0 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32587
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WooCommerce Pickupp
Researcher

LVT-tholv2k

WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31015
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
WordPress SMTP Service, Email Delivery Solved! — MailHawk
Researcher

Nguyen Xuan Chien

WP Food ordering and Restaurant Menu <= 1.1 – Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31040
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Food ordering and Restaurant Menu
Researcher

theviper17y

WpBookingly <= 1.2.0 – Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32607
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Service Booking & Scheduling Solution | All-in-one Booking Systems
Researcher

Tran Nguyen Bao Khanh

Database Toolset <= 1.8.4 – Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32633
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Database Toolset
Researcher

LVT-tholv2k

Oxygen MyData for WooCommerce <= 1.0.63 – Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32631
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Oxygen MyData for WooCommerce
Researcher

LVT-tholv2k

Simple WP Events <= 1.8.17 – Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-2004
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Simple WP Events
Researcher

khanhhnahk1

WP-BusinessDirectory <= 3.1.2 – Unauthenticated Arbitrary File Deletion

9.1

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32629
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP-BusinessDirectory – Business directory plugin for WordPress
Researcher

LVT-tholv2k

Accessibility Suite by Online ADA <= 4.18 – Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32215
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Accessibility Suite by Ability, Inc
Researcher

theviper17y

Accordion <= 2.3.10 – Authenticated (Contributor+) PHP Object Injection

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32143
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid
Researcher

LVT-tholv2k

Arkhe <= 3.11.0 – Cross-Site Request Forgery to Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-26748
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Arkhe
Researcher

Dimas Maulana

Booking and Rental Manager <= 2.2.8 – Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-27011
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher

LVT-tholv2k

Buddypress Humanity <= 1.2 – Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31033
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Buddypress Humanity
Researcher

LVT-tholv2k

Embedder 1.3 – 1.3.5 – Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3417
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Embedder
Researcher

kr0d

EmpikPlace for Woocommerce <= 1.4.3 – Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32568
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
EmpikPlace for Woocommerce
Researcher

LVT-tholv2k

Essential Breadcrumbs <= 1.1.1 – Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31038
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Essential Breadcrumbs
Researcher

LVT-tholv2k

JetCompareWishlist <= 1.5.9 – Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-22279
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
JetCompareWishlist for Elementor
Researcher

stealthcopter

Job Board Manager <= 2.1.60 – Authenticated (Contributor+) PHP Object Injection

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32144
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Job Board Manager
Researcher

LVT-tholv2k

Logo Showcase Ultimate <= 1.4.4 – Authenticated (Contributor+) Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32499
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid
Researcher

João Pedro Soares de Alcântara

Material Dashboard <= 1.4.5 – Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31014
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Material Dashboard
Researcher

LVT-tholv2k

Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2807
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

mikemyers

Rankology SEO – On-site SEO <= 2.2.3 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32491
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Rankology SEO – On-site SEO
Researcher

LVT-tholv2k

Seo Meta Tags <= 1.4 – Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31023
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Seo Meta Tags
Researcher

LVT-tholv2k

Shop Products Filter <= 1.2 – Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32585
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Shop Products Filter
Researcher

LVT-tholv2k

Solace Extra <= 1.3.1 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32652
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Solace Extra
Researcher

theviper17y

Streamit <= 4.0.2 – Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2526
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Streamit
Researcher

István Márton

Sync Posts <= 1.0 – Authenticated (Subscriber+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32579
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Sync Posts
Researcher

João Pedro Soares de Alcântara

Ultra Demo Importer <= 1.0.5 – Cross-Site Request Forgery to Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32496
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Ultra Demo Importer
Researcher

0xd4rk5id3

Vite Coupon <= 1.0.7 – Cross-Site Request Forgery to Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32642
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Vite Coupon
Researcher

stealthcopter

WP Remote Thumbnail <= 1.3.1 – Authenticated (Contributor+) Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32140
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
WP Remote Thumbnail
Researcher

Le Ngoc Anh

WP shop <= 2.6.0 – Cross-Site Request Forgery to Arbitrary File Upload

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32576
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WPshop 2 – E-Commerce
Researcher

theviper17y

WP Subscription Forms <= 1.2.4 – Authenticated (Contributor+) Local File Inclusion

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32692
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
WP Subscription Forms – Subscription Form Plugin for WordPress
Researcher

LVT-tholv2k

WP User Profiles <= 2.6.2 – Authenticated (Subscriber+) Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31524
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
WP User Profiles
Researcher

astra.r3verii

WPC Admin Columns 2.0.6 – 2.1.0 – Authenticated (Subscriber+) Privilege Escalation via User Meta Update

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3418
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
WPC Admin Columns
Researcher

kr0d

WpEvently <= 4.3.6 – Authenticated (Contributor+) PHP Object Injection

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32145
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Researcher

LVT-tholv2k

WPFront User Role Editor <= 4.2.1 – Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3064
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
WPFront User Role Editor
Researchers

stealthcopter
Brian Sans-Souci (liardom)

WPJobBoard < 5.11.1 – Cross-Site Request Forgery to Remote Code Execution

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30967
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
WP Job Board
Researcher

Ananda Dhakal

WPSolr <= 24.0 – Cross-Site Request Forgery to Privilege Escalation

CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31036
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WPSolr – Local Search with AI, Hybrid or Keywords – Includes Related Posts Widgets
Researcher

LVT-tholv2k

Nomupay Payment Processing Gateway <= 7.1.5 – Authenticated (Subscriber+) Arbitrary File Download

CVSS Rating
High (8.1)
CVE-ID
CVE-2025-32209
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Total processing card payments for WooCommerce
Researcher

LVT-tholv2k

SureTriggers <= 1.0.78 – Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

CVSS Rating
High (8.1)
CVE-ID
CVE-2025-3102
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
OttoKit: All-in-One Automation Platform (Formerly SureTriggers)
Researcher

mikemyers

Bulk Product Sync <= 8.6 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31599
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™
Researcher

theviper17y

Click & Pledge Connect Plugin <= 2.24080000-WP6.6.1 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32550
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Click & Pledge Connect Plugin
Researcher

João Pedro Soares de Alcântara

Neon Product Designer <= 2.1.1 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32565
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Neon Product Designer
Researcher

LVT-tholv2k

Print Science Designer <= 1.3.155 – Unauthenticated Arbitrary File Download

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32671
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Print Science Designer
Researcher

0xd4rk5id3

WP Online Users Stats <= 1.0.0 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32603
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Online Users Stats
Researcher

Tran Nguyen Bao Khanh

WPSmartContracts <= 2.0.10 – Unauthenticated SQL Injection

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31565
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WPSmartContracts
Researcher

NAWardRox

ZoomSounds – WordPress Wave Audio Player with Playlist <= 6.91 – Unauthenticated Arbitrary File Download

CVSS Rating
High (7.5)
CVE-ID
CVE-2025-3431
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher

Mohammadamin Alidoost

azurecurve Shortcodes in Comments <= 2.0.2 – Unauthenticated Arbitrary Shortcode Execution

CVSS Rating
High (7.3)
CVE-ID
CVE-2025-2809
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
azurecurve Shortcodes in Comments
Researcher

Avraham Shemesh

ORDER POST <= 2.0.2 – Unauthenticated Arbitrary Shortcode Execution

CVSS Rating
High (7.3)
CVE-ID
CVE-2025-2805
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
ORDER POST
Researcher

Avraham Shemesh

Canonical Attachments <= 1.7 – Unauthenticated Stored Cross-Site Scripting

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32543
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Canonical Attachments
Researcher

0xd4rk5id3

IndieBlocks <= 0.13.1 – Unauthenticated Server-Side Request Forgery

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31009
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
IndieBlocks
Researcher

Tran Nguyen Bao Khanh

Insert or Embed Articulate Content into WordPress <= 4.3000000025 – Authenticated (Editor+) Arbitrary File Upload

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32202
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Insert or Embed Articulate Content into WordPress
Researcher

Phan Trong Quan

Linet ERP-Woocommerce Integration <= 3.5.12 – Authenticated (Admin+) Arbitrary File Read & Deletion

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31411
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Linet ERP-Woocommerce Integration Plugin
Researcher

0xd4rk5id3

Photography <= 7.5.2 – Unauthenticated Server-Side Request Forgery

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30964
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
photography
Researcher

Rafie Muhammad

Processing Projects <= 1.0.2 – Authenticated (Shop Manager+) Arbitrary File Upload

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32206
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Processing Projects
Researcher

0xd4rk5id3

SMTP for Amazon SES – YaySMTP <= 1.8 – Unauthenticated Stored Cross-Site Scripting via Email Logs

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-3434
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
SMTP for Amazon SES – YaySMTP
Researcher

zer0gh0st

Squeeze <= 1.6 – Authenticated (Admin+) Arbitrary File Upload

CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31002
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Squeeze – Image Optimization & Compression, WebP Conversion
Researcher

astra.r3verii

Accessibility Suite by Online ADA <= 4.18 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32650
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Accessibility Suite by Ability, Inc
Researcher

Phúc ton luoi

coreActivity: Activity Logging for WordPress <= 2.7 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-3436
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
coreActivity: Activity Logging for WordPress
Researcher

Yassine Neggaoui (Y45NG)

Cost Calculator Builder <= 3.2.67 – Authenticated (Subscriber+) SQL Injection via order_ids Parameter

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2128
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Cost Calculator Builder
Researcher

mikemyers

Duplicate Title Checker <= 1.2 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32558
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Duplicate Title Checker
Researcher

João Pedro Soares de Alcântara

Easy Post Duplicator <= 1.0.1 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32567
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Easy Post Duplicator
Researcher

thiennv

Error Log Viewer <= 1.0.5 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32681
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Error Log Viewer By WP Guru
Researcher

Phúc ton luoi

Review Stars Count For WooCommerce <= 2.0 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32687
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Review Stars Count For WooCommerce
Researcher

Phúc ton luoi

Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 – 1.4.0 – Missing Authorization to Authenticated (Subscriber+) Limited Options Update

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2719
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)
Researcher

kr0d

Wishlist <= 1.0.44 – Authenticated (Subscriber+) SQL Injection

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32618
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Wishlist
Researcher

NAWardRox

AAWEP Obfuscator <= 1.0 – Authenticated (Author+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3432
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
AAWP Obfuscator
Researcher

Pierre Rudloff

Additional Custom Product Tabs for WooCommerce <= 1.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26749
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Additional Custom Product Tabs for WooCommerce
Researcher

muhammad yudha

Broadstreet <= 1.51.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32211
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Broadstreet
Researcher

Kévin Mosbahi (Mika)

C9 Blocks <= 1.7.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26951
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
C9 Blocks
Researcher

Gab

DSGVO Youtube <= 1.5.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26982
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
DSGVO Youtube
Researcher

zaim

Hive Support <= 1.2.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32214
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher

hunter85

JetBlog <= 2.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26744
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
JetBlog for Elementor
Researcher

stealthcopter

JetEngine <= 3.6.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26870
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
JetEngine
Researcher

stealthcopter

MapSVG Lite <= 8.5.34 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32683
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MapSVG – Vector maps, Image maps, Google Maps
Researcher

Nguyễn Trung Kiên

Nav Menu Manager <= 3.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31017
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Nav Menu Manager
Researcher

muhammad yudha

Nepali Date Converter <= 2.0.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26950
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Nepali Date Converter
Researcher

muhammad yudha

Payment Forms for Paystack <= 4.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10894
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Payment Forms for Paystack
Researcher

Peter Thaleikis

PowerPress Podcasting <= 11.12.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32690
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
PowerPress Podcasting plugin by Blubrry
Researcher

Trương Hữu Phúc (truonghuuphuc)

Real Testimonials <= 3.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22269
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider
Researcher

zaim

Royal Elementor Addons and Templates <= 1.7.1012 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1455
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Royal Elementor Addons and Templates
Researcher

stealthcopter

Royal Elementor Addons and Templates <= 1.7.1012 – Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1456
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Royal Elementor Addons and Templates
Researcher

Webbernaut

RS Elements Elementor Addon <= 1.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26745
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
RS Elements Elementor Addon
Researcher

Gab

Simple Spoiler <= 1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31020
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Simple Spoiler
Researcher

muhammad yudha

SKT Blocks – Gutenberg based Page Builder <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26998
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher

zaim

SKT Blocks – Gutenberg based Page Builder <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3276
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher

Peter Thaleikis

SKT Skill Bar <= 2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26880
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
SKT Skill Bar
Researcher

zaim

SpaBiz <= 1.0.18 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26740
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
SpaBiz
Researcher

stealthcopter

Uncanny Toolkit for LearnDash <= 3.7.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22268
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Uncanny Toolkit for LearnDash
Researcher

zaim

Waymark <= 1.5.2 – Authenticated (Contributor+) Server-Side Request Forgery

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32487
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Waymark
Researcher

theviper17y

Waymark <= 1.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32495
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Waymark
Researcher

theviper17y

WP Delete User Accounts <= 1.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26906
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
WP Delete User Accounts
Researcher

muhammad yudha

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 – Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3100
Patch Status
Patched
Published
Apr 8, 2025

Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher

siavashvafshar

WP Project Manager <= 2.6.22 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2541
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher

Avraham Shemesh

Z Companion <= 1.1.1 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2575
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Z Companion
Researcher

Avraham Shemesh

5sterrenspecialist <= 1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32114
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
5sterrenspecialist
Researcher

Le Ngoc Anh

ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32586
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
ABA PayWay Payment Gateway for WooCommerce
Researcher

João Pedro Soares de Alcântara

Activity Reactions For Buddypress <= 1.0.22 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31006
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Activity Reactions For Buddypress
Researcher

Dimas Maulana

Advance WP Query Search Filter <= 1.0.10 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26743
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Advance WP Query Search Filter
Researcher

Dimas Maulana

Advanced Advertising System <= 1.3.1 – Open Redirect

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3433
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Advanced Advertising System
Researcher

Gabriele Zuddas

Advanced Custom Fields: Link Picker Field <= 1.2.8 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26746
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Advanced Custom Fields: Link Picker Field
Researcher

Dimas Maulana

Advanced Tag Lists <= 1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32476
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Advanced Tag Lists
Researcher

johska

AF Tell a Friend <= 1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31404
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
AF Tell a Friend
Researcher

johska

Affiliate Links Lite <= 3.1.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32639
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management
Researcher

Dimas Maulana

ALD Login Page <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32518
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
ALD Login Page
Researcher

SOPROBRO

Arconix FAQ <= 1.9.5 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32531
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Arconix FAQ
Researcher

0xd4rk5id3

AT Internet SmartTag <= 0.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32506
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
AT Internet SmartTag
Researcher

Kévin Mosbahi (Mika)

Automatic Ban IP <= 1.0.7 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32632
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Automatic Ban IP
Researcher

João Pedro Soares de Alcântara

AWSA Shipping <= 1.3.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32604
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
AWSA Shipping – Advanced Shipping for Woocommerce and Dokan
Researcher

0xd4rk5id3

Cart66 Cloud <= 2.3.7 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32653
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Cart66 Cloud :: WordPress Ecommerce The Easy Way
Researcher

0xd4rk5id3

CG Scroll To Top <= 3.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31399
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
CG Scroll To Top
Researcher

johska

ChillPay WooCommerce <= 2.5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32570
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
ChillPay WooCommerce
Researcher

0xd4rk5id3

Clinked Client Portal <= 1.10 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32615
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Clinked Client Portal
Researcher

0xd4rk5id3

Codescar Radio Widget <= 0.4.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32500
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Codescar Radio Widget
Researcher

SOPROBRO

Coming Soon Countdown <= 2.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32578
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Coming Soon Countdown
Researcher

Abdi Pranata

Comment Validation Reloaded <= 0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31026
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Comment Validation Reloaded
Researcher

johska

Connector to CiviCRM with CiviMcRestFace <= 1.0.9 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32551
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Connector to CiviCRM with CiviMcRestFace
Researcher

João Pedro Soares de Alcântara

Cool Flipbox – Shortcode & Gutenberg Block <= 1.8.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32521
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Cool Flipbox – Shortcode & Gutenberg Block
Researcher

João Pedro Soares de Alcântara

Credova_Financial <= 2.4.8 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32588
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Credova Financial
Researcher

0xd4rk5id3

Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32584
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Chat2
Researcher

Dhabaleshwar Das

Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32482
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Custom Smilies
Researcher

johska

Crowdfunding for WooCommerce <= 3.1.12 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32628
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Crowdfunding for WooCommerce
Researcher

João Pedro Soares de Alcântara

Custom Posts Order <= 4.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32645
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Custom Posts Order
Researcher

0xd4rk5id3

Czater.pl – live chat i telefon <= 1.0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32624
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Czater.pl – live chat i telefon
Researcher

Abdi Pranata

DeBounce Email Validator <= 5.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32580
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
DeBounce Email Validator
Researcher

Abdi Pranata

Deliver via Shipos for WooCommerce <= 2.1.7 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32533
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Deliver via Shipos for WooCommerce
Researcher

João Pedro Soares de Alcântara

DN Shipping by Weight for WooCommerce <= 1.2 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32535
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Shipping by Weight for WooCommerce
Researcher

Le Ngoc Anh

Doppler Forms <= 2.4.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32667
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Doppler Forms
Researcher

Skalucy

Easy Custom CSS <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31395
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Easy custom css by webriti
Researcher

johska

Easy Post Duplicator <= 1.0.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32538
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Easy Post Duplicator
Researcher

Le Ngoc Anh

ePaper Lister for Yumpu <= 1.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32502
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
ePaper Lister for Yumpu
Researcher

SOPROBRO

Epeken All Kurir <= 1.4.6.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32673
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Epeken All Kurir Plugin for Woocommerce Full Version
Researcher

Nguyen Xuan Chien

Everest Forms <= 3.1.1 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3421
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher

mikemyers

FireDrum Email Marketing <= 1.64 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31018
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
FireDrum Email Marketing
Researcher

johska

Flags Widget <= 1.0.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32479
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Flags Widget
Researcher

johska

Foliopress WYSIWYG <= 2.6.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32610
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Foliopress WYSIWYG
Researcher

Abdi Pranata

FraudLabs Pro for WooCommerce <= 2.22.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32659
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
FraudLabs Pro for WooCommerce
Researcher

Skalucy

FrescoChat Live Chat <= 3.2.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31383
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
FrescoChat Live Chat
Researcher

johska

FS Poster <= 6.5.8 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30962
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]
Researcher

Rafie Muhammad

GB Gallery Slideshow <= 1.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32649
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
GB Gallery Slideshow
Researcher

0xd4rk5id3

Global Gallery <= 8.8.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-22263
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Global Gallery – WordPress Responsive Gallery
Researcher

Bonds

Hamburger Icon Menu Lite <= 1.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32548
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Hamburger Icon Menu Lite
Researcher

Le Ngoc Anh

HTML5 Video Player with Playlist <= 2.50 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32536
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
HTML5 Video Player with Playlist
Researcher

João Pedro Soares de Alcântara

iCal Feeds <= 1.5.3 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32528
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
iCal Feeds
Researcher

João Pedro Soares de Alcântara

Insert HTML Here <= 1.0 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31379
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Insert HTML Here
Researcher

johska

Interactive Geo Maps <= 1.6.24 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32525
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MapGeo – Interactive Geo Maps
Researcher

Le Ngoc Anh

Interactive US Map <= 2.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32661
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Interactive US Map
Researcher

Nguyen Xuan Chien

iONE360 configurator <= 2.0.56 – Reflected Cross-Site Scripting

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32529
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
iONE360 configurator
Researcher(s): Unknown

IP2Location World Clock <= 1.1.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32644
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
IP2Location World Clock
Researcher

0xd4rk5id3

KeyCAPTCHA <= 2.5.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32619
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
KeyCAPTCHA – Social WordPress CAPTCHA
Researcher

Abdi Pranata

Language Field <= 0.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31382
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Language Field
Researcher

johska

License For Envato <= 1.0.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32566
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
License For Envato
Researcher

0xd4rk5id3

License Manager for WooCommerce <= 3.0.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32522
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
License Manager for WooCommerce
Researcher

Peter Thaleikis

Link Shield <= 0.5.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32503
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Link Shield
Researcher

SOPROBRO

Listings for Buildium <= 0.1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32606
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Listings for Buildium
Researcher

Abdi Pranata

Lock Your Updates <= 1.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32537
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Lock Your Updates Plugins/Themes Manager
Researcher

João Pedro Soares de Alcântara

Make Email Customizer for WooCommerce <= 1.0.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32511
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Make Email Customizer for WooCommerce
Researcher

thiennv

Mergado Pack <= 4.1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32669
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Mergado Pack
Researcher

Nguyen Xuan Chien

MMX – Make Me Christmas <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31401
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MMX – Make Me Christmas
Researcher

johska

Mobile Pages <= 1.0.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32625
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Mobile Blocks
Researcher

João Pedro Soares de Alcântara

Mobile Smart <= 1.3.16 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31021
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Mobile Smart
Researcher

Skalucy

More Mime Type Filters <= 0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31394
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
More Mime Type Filters
Researcher

johska

MSRP (RRP) Pricing for WooCommerce <= 1.8.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32552
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
MSRP (RRP) Pricing for WooCommerce
Researcher

0xd4rk5id3

MultiMailer <= 1.0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32505
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MultiMailer
Researcher

SOPROBRO

MultiMailer <= 1.0.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32517
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MultiMailer
Researcher

thiennv

Multiple Location Google Map <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32617
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Multiple Location Google Map
Researcher

Abdi Pranata

MyWorks WooCommerce Sync for QuickBooks Online <= 2.9.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32524
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
WooCommerce Sync for QuickBooks Online – by MyWorks
Researcher

João Pedro Soares de Alcântara

Nepali Date Utilities <= 1.0.13 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32664
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Nepali Date Utilities
Researcher

Skalucy

NewsBoard Post and RSS Scroller <= 1.2.12 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31402
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
NewsBoard Post and RSS Scroller
Researcher

johska

Nimbata Call Tracking <= 1.7.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32616
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Nimbata Call Tracking
Researcher

Abdi Pranata

Nino Social Connect <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32481
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Nino Social Connect
Researcher

johska

Oppso Unit Converter <= 1.1.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31378
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Oppso Unit Converter
Researcher

johska

Pagopar – WooCommerce Gateway <= 2.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31032
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Pagopar – WooCommerce Gateway
Researcher

Nguyen Xuan Chien

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 – Reflected Cross-Site Scripting via ‘image_id’ Parameter

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-2269
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher

Ivan Kuzymchak

PlainInventory <= 3.1.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32623
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
PlainInventory – Inventory Management Plugin
Researcher

Abdi Pranata

Popping Content Light <= 2.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32115
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Popping Content Light
Researcher

SOPROBRO

Product Excel Import Export & Bulk Edit for WooCommerce <= 4.7 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32674
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Product Excel Import Export & Bulk Edit for WooCommerce
Researcher

0xd4rk5id3

QR Master <= 1.0.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32116
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
QR Master
Researcher

SOPROBRO

Question Answer <= 1.2.70 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32646
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Question Answer
Researcher

LVT-tholv2k

Raptive Ads <= 3.7.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32554
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Raptive Ads
Researcher

Parasimpaticki

Related Videos for JW Player <= 1.2.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32516
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Related Videos for JW Player
Researcher

SOPROBRO

RentSyst <= 2.0.72 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32501
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
RentSyst – CRM solution for fleet management
Researcher

SOPROBRO

Restrict User Registration <= 1.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32655
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Restrict User Registration
Researcher

Abdi Pranata

RestroPress <= 3.1.8.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32553
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
RestroPress – Online Food Ordering System
Researcher

0xd4rk5id3

Revamp CRM for WooCommerce <= 1.1.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32512
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Revamp CRM for WooCommerce
Researcher

thiennv

REVE Chat <= 6.2.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32559
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
REVE Chat – AI-powered Chatbot & Live Chat Plugin for WordPress
Researcher

Dhabaleshwar Das

Scheduled <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31375
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Scheduled
Researcher

Skalucy

Script Compressor <= 1.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31391
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Script Compressor
Researcher

johska

SEO, Nutrition and Print for Recipes by Edamam <= 3.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32555
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
SEO, Nutrition and Print for Recipes by Edamam
Researcher

SOPROBRO

SERPed.net <= 4.6 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32651
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
SERPed.net
Researcher

0xd4rk5id3

Silvasoft boekhouden <= 3.0.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32504
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Silvasoft boekhouden
Researcher

João Pedro Soares de Alcântara

Simple Post Meta Manager <= 1.0.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32556
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Simple Post Meta Manager
Researcher

thiennv

Site Table of Contents <= 0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31385
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Site Table of Contents
Researcher

johska

Smart Product Gallery Slider <= 1.0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31392
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Smart Product Gallery Slider
Researcher

Nguyen Xuan Chien

Social Bookmarking RELOADED <= 3.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31393
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Social Bookmarking RELOADED
Researcher

Nguyen Xuan Chien

Social Crowd <= 0.9.6.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31390
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Social Crowd
Researcher

johska

Spark GF Failed Submissions <= 1.3.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32670
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Spark GF Failed Submissions
Researcher

0xd4rk5id3

Spoiler Block <= 1.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32497
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Spoiler Block
Researcher

johska

Stop Registration Spam <= 1.24 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32564
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Stop Registration Spam
Researcher

LVT-tholv2k

Task Scheduler <= 1.6.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32599
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Task Scheduler
Researcher

0xd4rk5id3

Terminal Africa <= 1.13.17 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32515
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Terminal Africa
Researcher

thiennv

The World <= 0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31388
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
The World
Researcher

johska

Tournamatch <= 4.6.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32600
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Tournamatch
Researcher

0xd4rk5id3

Twispay Credit Card Payments <= 2.1.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32601
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Twispay Credit Card Payments
Researcher

0xd4rk5id3

Ultimate WP Mail <= 1.3.3 – Open Redirect

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32694
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Ultimate WP Mail
Researcher

Le Ngoc Anh

User Session Synchronizer <= 1.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32612
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
User Session Synchronizer
Researcher

Abdi Pranata

UXsniff <= 1.2.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32532
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
UXsniff AI-powered Heatmaps and Session Recordings
Researcher

João Pedro Soares de Alcântara

Vice Versa <= 2.2.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-27350
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Vice Versa
Researcher

Nguyen Xuan Chien

VKontakte Cross-Post <= 0.3.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32498
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
VKontakte Cross-Post
Researcher

johska

Wallet System for WooCommerce <= 2.6.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32530
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Wallet System for WooCommerce
Researcher

0xd4rk5id3

Web2application <= 5.6 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32590
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Web2application Convert your website to android and IOS apps with push notifications , web push , free ajax products search for woocommerce and many more advanced features
Researcher

João Pedro Soares de Alcântara

WebinarPress <= 1.33.27 – Open Redirect

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32693
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WordPress Webinar Plugin – WebinarPress
Researcher

Le Ngoc Anh

Widgetize Pages Light <= 3.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32117
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Widgetize Pages Light
Researcher

SOPROBRO

Windows Live Writer <= 0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32480
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Windows Live Writer
Researcher

johska

Wireless Butler <= 1.0.11 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26997
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
wireless-butler
Researcher

0xd4rk5id3

WooCommerce – Payphone Gateway <= 3.2.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32523
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WooCommerce – Payphone Gateway
Researcher

João Pedro Soares de Alcântara

WooCommerce – Store Exporter <= 2.7.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32539
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers
Researcher

0xd4rk5id3

WooCommerce Estimate and Quote <= 1.0.2.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32514
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WooCommerce Estimate and Quote – Live Product Cost Estimation and Quotation system for WordPress
Researcher

João Pedro Soares de Alcântara

WooCommerce Sales MIS Report <= 4.0.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32541
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WooCommerce Sales MIS Report
Researcher

João Pedro Soares de Alcântara

WooCommerce TBC Credit Card Payment Gateway (Free) <= 2.0.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32611
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WooCommerce TBC Credit Card Payment Gateway (Free)
Researcher

João Pedro Soares de Alcântara

WordPress Events Calendar Plugin – connectDaily <= 1.4.8 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32597
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WordPress Events Calendar Plugin – connectDaily
Researcher

Dhabaleshwar Das

WordPress Health and Server Condition – Integrated with Google Page Speed <= 4.1.1 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32520
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WordPress Health and Server Condition – Integrated with Google Page Speed
Researcher

Kévin Mosbahi (Mika)

WordPress Spam Blocker <= 2.0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32581
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WordPress Spam Blocker | Stop Spam for Contact Form 7, WP Forms and Formidable Forms
Researcher

Abdi Pranata

Workbox Video from Vimeo & Youtube <= 3.2.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32534
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Workbox Video from Vimeo & Youtube Plugin
Researcher

João Pedro Soares de Alcântara

WP Abstracts <= 2.7.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32591
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Abstracts
Researcher

Abdi Pranata

WP AutoKeyword <= 1.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32582
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WP AutoKeyword
Researcher

Abdi Pranata

WP Calais Auto Tagger <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32563
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Calais Auto Tagger
Researcher

SOPROBRO

WP Easy Poll <= 2.2.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32562
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
WP Easy Poll
Researcher

Le Ngoc Anh

WP Featured Screenshot <= 1.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32557
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
WP Featured Screenshot
Researcher

Le Ngoc Anh

WP Hide Categories <= 1.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31028
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Hide Categories
Researcher

Nguyen Xuan Chien

WP Map Route Planner <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32621
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Map Route Planner
Researcher

Abdi Pranata

wp secure <= 1.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32490
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
wp secure
Researcher

johska

WP SexyLightBox <= 0.5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32478
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP SexyLightBox
Researcher

johska

WP Table Builder <= 2.0.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32598
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Table Builder – WordPress Table Plugin
Researcher

Peter Thaleikis

WP w3all phpBB <= 2.9.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32575
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP w3all phpBB
Researcher

Abdi Pranata

WP-BusinessDirectory <= 3.1.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32630
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WP-BusinessDirectory – Business directory plugin for WordPress
Researcher

LVT-tholv2k

WP-Easy Menu <= 0.41 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32477
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP-Easy Menu
Researcher

johska

WP-Hijri <= 1.5.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32560
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
WP-Hijri
Researcher

Le Ngoc Anh

WP-Planification <= 2.3.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32484
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP-Planification – WP-Planning
Researcher

johska

WS Audio Player <= 1.1.8 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31400
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WS Audio Player
Researcher

johska

Zephyr Project Manager <= 3.3.101 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32526
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Zephyr Project Manager
Researcher

Dimas Maulana

Royal Elementor Addons <= 1.7.1006 – Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-26990
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Royal Elementor Addons and Templates
Researcher

Marek Mikita

SEO Help <= 6.6.1 – Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-32675
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
Researcher

Phan Trong Quan

Everest Forms <= 3.1.1 – Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-3422
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher

mikemyers

Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 – Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-2808
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

siavashvafshar

PowerPress Podcasting <= 11.12.6 – Authenticated (Contributor+) Server-Side Request Forgery

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-32691
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
PowerPress Podcasting plugin by Blubrry
Researcher

Trương Hữu Phúc (truonghuuphuc)

Accept SagePay Payments Using Contact Form 7 <= 2.0 – Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2883
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Accept SagePay Payments Using Contact Form 7
Researcher

Avraham Shemesh

Add Product Frontend for WooCommerce <= 1.0.6 – Missing Authorization to Unauthenticated Arbitrary Content Deletion

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32593
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Add Product Frontend for WooCommerce
Researcher

Kévin Mosbahi (Mika)

Age Gate <= 3.5.4 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31012
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Age Gate
Researcher

Trương Hữu Phúc (truonghuuphuc)

AnyTrack Affiliate Link Manager <= 1.0.4 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31041
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
AnyTrack Affiliate Link Manager
Researcher

timomangcut

Bulk <= 1.0.11 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-26867
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Bulk
Researcher

Fariq Fadillah Gusti Insani (fariqfgi)

Cart66 Cloud <= 2.3.7 – Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2841
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Cart66 Cloud :: WordPress Ecommerce The Easy Way
Researcher

Avraham Shemesh

Developer Toolbar <= 1.0.3 – Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2881
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
Developer Toolbar
Researcher

Avraham Shemesh

GreenPay(tm) by Green.Money 3.0.0 – 3.0.9 – Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2882
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
GreenPay(tm) by Green.Money
Researcher

Avraham Shemesh

Hive Support <= 1.2.2 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32242
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher

stealthcopter

Internal Link Optimiser <= 5.1.2 – Missing Authorization to Unauthenticated Settings Update

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32243
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
WordPress Internal Link Optimiser
Researcher

Kévin Mosbahi (Mika)

MelaPress Login Security and MelaPress Login Security Premium 2.1.0 – Missing Authorization to Unauthenticated Arbitrary User Deletion

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2876
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
MelaPress Login Security Premium
MelaPress Login Security
Researcher

Michelle Porter

Melhor Envio <= 2.15.11 – Unauthenticated Sensitive Information Exposure via Hardcoded Hash

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13820
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Melhor Envio
Researcher

Luciano Hanna

Sandwich Adsense <= 4.0.2 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31042
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Sandwich Adsense
Researcher

timomangcut

SEO Help <= 6.6.1 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32244
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
Researcher

Kévin Mosbahi (Mika)

Simple WP Events <= 1.8.17 – Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32594
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Simple WP Events
Researcher

Kévin Mosbahi (Mika)

Site Notify <= 1.0 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32240
Patch Status
Unpatched
Published
Apr 8, 2025

Affected Software
Site Notify
Researcher

Vo Thi Ngoc Nhi

Survey Maker <= 5.1.5.5 – Unauthenticated Authorization Bypass

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32275
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Survey Maker
Researcher

astra.r3verii

User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 – Insecure Direct Object Reference to Unauthenticated Membership Modification

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3282
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher

wesley (wcraft)

Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 – 1.2.1 – Missing Authorization to Unauthenticated Limited Arbitrary Options Update

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2568
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
Researcher

kr0d

Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 – Cross-Site Request Forgery to Clear Cache

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13338
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Researcher

Whit Taylor

WooCommerce Loyal Customers <= 2.6 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32544
Patch Status
Unpatched
Published
Apr 11, 2025

Affected Software
WooCommerce Loyal Customers
Researcher

Kévin Mosbahi (Mika)

WooCommerce Multilingual & Multicurrency <= 5.3.8 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-26888
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
WooCommerce Multilingual & Multicurrency with WPML
Researcher

Rafie Muhammad

3DPrint Lite <= 2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘coating_text’

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3428
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
3DPrint Lite
Researchers

Jon Cagan
VigilAInce Seeker

3DPrint Lite <= 2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘infill_text’

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3427
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
3DPrint Lite
Researchers

Jon Cagan
VigilAInce Seeker

3DPrint Lite <= 2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘material_text’

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3429
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
3DPrint Lite
Researchers

Jon Cagan
VigilAInce Seeker

3DPrint Lite <= 2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘printer_text’

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3430
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
3DPrint Lite
Researchers

Jon Cagan
VigilAInce Seeker

Accredible Certificates & Open Badges <= 1.4.9 – Authenticated (Administrator+) SQL Injection via orderby Parameter

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-13909
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Accredible Certificates & Open Badges
Researcher

oncybersec

CardGate Payments for WooCommerce <= 3.2.1 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32119
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
CardGate Payments for WooCommerce
Researcher

João Pedro Soares de Alcântara

Kargo Entegratör <= 1.1.14 – Authenticated (Shop Manager+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-26908
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Kargo Entegratör – WooCommerce Kargo Entegrasyon Eklentisi
Researcher

Le Ngoc Anh

Nearby Locations <= 1.1.1 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32128
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Nearby Locations
Researcher

João Pedro Soares de Alcântara

Team Circle Image Slider With Lightbox <= 1.0.4 – Authenticated (Admin+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2019-25223
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Team Circle Image Slider With Lightbox
Researcher

Ala Arfaoui

Verowa Connect <= 3.0.5 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32676
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Verowa Connect
Researcher

Phan Trong Quan

WP Inquiries <= 0.2.1 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32685
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Inquiries
Researcher

Phan Trong Quan

WP Social Stream Designer <= 1.3 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32677
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Social Stream Designer
Researcher

Phan Trong Quan

Admin Menu Post List <= 2.0.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32492
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Admin Menu Post List
Researcher

Nabil Irawan

Aria Font <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32488
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Aria Font
Researcher

Nabil Irawan

BP Social Connect <= 1.6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32493
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
BP Social Connect
Researcher

Nabil Irawan

One Click Accessibility <= 3.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32640
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Ally – Web Accessibility & Usability
Researcher

ayato

Request Call Back <= 1.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32483
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Request Call Back
Researcher

Nabil Irawan

Review Stream <= 1.6.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32680
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Review Stream
Researcher

Nabil Irawan

Wetterwarner <= 2.7.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32489
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Wetterwarner
Researcher

Nabil Irawan

WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31035
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Editor.md – The Perfect WordPress Markdown Editor
Researcher(s): Unknown

YouTube Embed <= 5.3.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31008
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
YouTube Embed
Researcher

Abhinav Porwal

All push notification for WP <= 1.5.3 – Cross-Site Request Forgery to SQL Injection

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32547
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
All push notification for WP
Researcher

João Pedro Soares de Alcântara

Anant Addons for Elementor <= 1.1.5 – Cross-Site Request Forgery to Arbitrary Plugin Installation

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32641
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Anant Addons for Elementor
Researcher

stealthcopter

Asgaros Forum <= 3.0.0 – Authenticated (Subscriber+) Authorization Bypass

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32227
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Asgaros Forum
Researcher

20kilograma

Brizy Pro <= 2.6.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26902
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Brizy Pro
Researcher

Rafie Muhammad

Brizy Pro <= 2.6.1 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26901
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Brizy Pro
Researcher

Rafie Muhammad

CM Registration and Invitation Codes <= 2.5.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32210
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
CM Registration – Tailored tool for seamless login and invitation-based registrations
Researcher

Trương Hữu Phúc (truonghuuphuc)

Customify <= 0.4.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26920
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
customify-theme
Researcher

Fariq Fadillah Gusti Insani (fariqfgi)

Customize Login Page <= 1.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31034
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Customize Login Page
Researcher

Skalucy

Doppler Forms <= 2.4.5 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32620
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Doppler Forms
Researcher

Tran Nguyen Bao Khanh

Easyfonts <= 1.1.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31005
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Local google fonts, host google fonts locally by Easyfonts
Researcher

Skalucy

Eazy Plugin Manager <= 4.3.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32542
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress
Researcher

Phúc ton luoi

EazyDocs <= 2.6.4 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32221
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Researcher

Trương Hữu Phúc (truonghuuphuc)

Flo Forms <= 1.0.43 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32213
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Flo Forms – Easy Drag & Drop Form Builder
Researcher

Trương Hữu Phúc (truonghuuphuc)

Hive Support <= 1.2.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32208
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher

stealthcopter

Industrial Lite <= 1.0.8 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26955
Patch Status
Unpatched
Published
Apr 10, 2025

Affected Software
Industrial Lite
Researcher

Kévin Mosbahi (Mika)

InPost Gallery <= 2.1.4.3 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26903
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
InPost Gallery
Researcher

Skalucy

MapSVG Lite <= 8.5.34 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32684
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
MapSVG – Vector maps, Image maps, Google Maps
Researcher

Nguyễn Trung Kiên

Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 – Missing Authorization to Authenticated (Subscriber+) Wizard Set-up

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-3437
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher

Chloe Chamberland

reCAPTCHA Jetpack <= 0.2.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32494
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
reCAPTCHA Jetpack
Researcher

Nabil Irawan

Rich Table of Contents <= 1.4.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31004
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Rich Table of Contents
Researcher

Peter Thaleikis

Specia Companion <= 4.6 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32212
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Specia Companion
Researcher

Aiden (Thái An)

Spider Elements – Addons for Elementor <= 1.6.2 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32216
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Spider Elements – Crafted UX First Addons for Elementor
Researcher

Khalid Yusuf

Tutor LMS <= 3.4.0 – Authenticated (Subscriber+) HTML Injection

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32230
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Tutor LMS – eLearning and online course solution
Researcher

Revan Arifio

User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 – Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-3292
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher

wesley (wcraft)

User Registration Using Contact Form 7 <= 2.2 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32679
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
User Registration Using Contact Form 7
Researcher

Nabil Irawan

Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 – Cross-Site Request Forgery to Plugin Settings Update via ‘setup-wbcr_clearfy’

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13337
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Researcher

Whit Taylor

Woo Product Feed For Marketing Channels <= 1.9.0 – Missing Authorization

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31377
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
Woo Product Feed For Marketing Channels
Researcher

theviper17y

WordPress Mega Menu – QuadMenu <= 3.2.0 – Cross-Site Request Forgery to Limited User Meta Update

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-2871
Patch Status
Patched
Published
Apr 11, 2025

Affected Software
WordPress Mega Menu – QuadMenu
Researcher

Peter Thaleikis

WP Performance Pack <= 2.5.4 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32485
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Performance Pack
Researcher

Nabil Irawan

WP Show Stats <= 1.5 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32678
Patch Status
Unpatched
Published
Apr 9, 2025

Affected Software
WP Show Stats
Researcher

Nabil Irawan

WPJobBoard < 5.11.1 – Authenticated (Subscriber+) Path Traversal

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30966
Patch Status
Patched
Published
Apr 10, 2025

Affected Software
WP Job Board
Researcher

Ananda Dhakal

WPJobBoard < 5.11.1 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30965
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
WP Job Board
Researcher

Ananda Dhakal

Piotnet Forms <= 1.0.30 – Authenticated (Editor+) Path Traversal

3.8

CVSS Rating
Low (3.8)
CVE-ID
CVE-2025-32205
Patch Status
Unpatched
Published
Apr 7, 2025

Affected Software
Piotnet Forms
Researcher

Trương Hữu Phúc (truonghuuphuc)

Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 – Use of Vulnerable Component (PHPExcel)

3.7

CVSS Rating
Low (3.7)
CVE-ID
CVE-2014-2054
Patch Status
Patched
Published
Apr 7, 2025

Affected Software
Advanced Contact form 7 DB
Import any XML, CSV or Excel File to WordPress
Researcher(s): Unknown

Squeeze <= 1.6 – Authenticated (Admin+) Full Path Disclosure

2.7

CVSS Rating
Low (2.7)
CVE-ID
CVE-2025-31003
Patch Status
Patched
Published
Apr 9, 2025

Affected Software
Squeeze – Image Optimization & Compression, WebP Conversion
Researcher

astra.r3verii


As a reminder, Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. Entries come from in-house vulnerability research, from researchers submitting directly to us through our Bug Bounty Program, and from monitoring a range of sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025) appeared first on Wordfence.
