1398 matches found
CVE-2025-32525 WordPress Interactive Geo Maps plugin <= 1.6.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through <= 1.6.24...
CVE-2025-32143 WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection. This issue affects Accordion: from n/a through <= 2.3.11...
CVE-2025-32461
wikipluginincludetpl in lib/wiki-plugins/wikipluginincludetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3...
CVE-2025-3433
The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to...
WordPress plugin Site Notify security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress More Mime Type Filters plugin <= 0.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin More Mime Type Filters versions <= 0.3...
CVE-2025-32484 WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification allows Stored XSS. This issue affects WP-Planification: from n/a through 2.3.1...
CVE-2025-32498
CVE-2025-32498 (VKontakte Cross-Post) describes a CSRF-to-Stored XSS in VKontakte Cross-Post up to version 0.3.2. The CVSS 3.1 base score is 7.1 (HIGH). Affected: VKontakte Cross-Post plugin; root cause: CSRF enables stored XSS. Remediation: upgrade to version 0.3.2 or apply provided fix (no othe...
WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider And Showcase Pro versions <= 2.3.15...
WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin ALD Login Page versions <= 1.1...
WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Review Stream versions <= 1.6.7...
WordPress Advanced Advertising System plugin <= 1.3.1 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Gabriele Zuddas in WordPress Plugin Advanced Advertising System versions <= 1.3.1...
WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika in WordPress Plugin Internal Link Optimiser versions <= 5.1.2...
CVE-2025-31795
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0...
CVE-2025-32226
Technical details for CVE-2025-32226 are not provided in the supplied documents; no root-cause, affected versions beyond
CVE-2025-32203 WordPress Falling things Plugin <= 1.08 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in manu225 Falling things falling-things allows SQL Injection. This issue affects Falling things: from n/a through <= 1.08...
WordPress Simple WP Events plugin <= 1.8.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Simple WP Events versions <= 1.8.17...
CVE-2025-31795 WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration migrate-shopify-to-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through <= 1.3.0...
WordPress plugin XV Random Quotes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Big Boom Directory plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Big Boom Directory versions <= 2.5.0...