CVE-2025-32187

CVE-2025-32187 is referenced in connected data as a vulnerability in the WordPress plugin Administrator Z, described by Wordfence as an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS). The document does not detail the exact vulnerable input, affected versions, or remediation within...

CVE-2025-32187 WordPress Administrator Z plugin <= 2026.03.02 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Quý Lê 91 Administrator Z administrator-z allows DOM-Based XSS.This issue affects Administrator Z: from n/a through = 2026.03.02...

CVE-2025-32186 WordPress Turbo Addons for Elementor plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Turbo Addons Turbo Addons for Elementor allows DOM-Based XSS. This issue affects Turbo Addons for Elementor: from n/a through 1.7.1...

CVE-2025-32186

CVE-2025-32186 is a DOM-based XSS risk in Turbo Addons for Elementor (vulnerable up to 1.7.1; 1.7.2 reportedly affected per Wordfence) that remains unpatched according to the connected Wordfence vulnerability report. Affects Turbo Addons for Elementor; impact is Cross-site Scripting via input dur...

CVE-2025-32174 WordPress Tockify Events Calendar plugin <= 2.2.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tockify Tockify Events Calendar allows DOM-Based XSS. This issue affects Tockify Events Calendar: from n/a through 2.2.13...

CVE-2025-32174 WordPress Tockify Events Calendar plugin <= 2.2.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tockify Tockify Events Calendar tockify-events-calendar allows DOM-Based XSS.This issue affects Tockify Events Calendar: from n/a through = 2.2.13...

CVE-2025-32169 WordPress Showeblogin Social plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suresh Prasad Showeblogin Social allows DOM-Based XSS. This issue affects Showeblogin Social: from n/a through 7.0...

CVE-2025-32162 WordPress Chamber Dashboard Business Directory plugin <= 3.3.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Morgan Kay Chamber Dashboard Business Directory allows DOM-Based XSS. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.11...

PT-2025-14957 · Unknown · Tockify Events Calendar

Name of the Vulnerable Software and Affected Versions: Tockify Events Calendar versions through 2.2.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker coul...

WordPress plugin Administrator Z 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...

WordPress plugin Musician s Pack for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Chamber Dashboard Business Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVE-2025-31455

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through = 1.5...

CVE-2025-31747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a through = 1.5.4...

CVE-2025-31734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi Simple Post Expiration simple-post-expiration allows DOM-Based XSS.This issue affects Simple Post Expiration: from n/a through = 1.0.1...

CVE-2025-31790

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Binsaifullah Posten posten-post-blocks allows DOM-Based XSS.This issue affects Posten: from n/a through = 0.0.1...

CVE-2025-31835

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brice Capobianco WP Plugin Info Card wp-plugin-info-card allows DOM-Based XSS.This issue affects WP Plugin Info Card: from n/a through = 5.3.0...

CVE-2025-31817

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPWheels BlockWheels blockwheels allows DOM-Based XSS.This issue affects BlockWheels: from n/a through = 1.0.2...

CVE-2025-31741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from n/a through = 2.1.13...

CVE-2025-31875

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluginic FancyPost post-block allows DOM-Based XSS.This issue affects FancyPost: from n/a through = 6.0.6...