1698 matches found

Vulnrichment
added 2025/04/09 4:9 p.m. | 5 views

CVE-2025-32477 WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41...

CVSS 7.1 | AI score 6.8 | EPSS 0.00216
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/09 4:9 p.m. | 4 views

CVE-2025-32518 WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1...

CVSS 7.1 | AI score 6.8 | EPSS 0.00216
Exploits: 0 | References: 1

Cvelist
added 2025/04/09 4:9 p.m. | 9 views

CVE-2025-32547 WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...

CVSS 8.2 | EPSS 0.0019
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/09 4:9 p.m. | 5 views

CVE-2025-32624 WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5...

CVSS 7.1 | AI score 7 | EPSS 0.00391
Exploits: 0 | References: 1

CVE
added 2025/04/09 4:9 p.m. | 53 views

CVE-2025-32669

CVE-2025-32669 describes a CSRF-to-Stored XSS in the WordPress plugin set “Mergado Pack.” The connected documents confirm the impact is stored XSS triggered via CSRF and that affected software is Mergado Pack up to version 4.1.1. Technical details in the connected sources identify the vulnerabil...

CVSS 7.1 | AI score 7.2 | EPSS 0.00296
Exploits: 0 | References: 1

CVE
added 2025/04/09 6:0 a.m. | 50 views

CVE-2024-6857

CVE-2024-6857 concerns the WP MultiTasking WordPress plugin (versions <= 0.1.12) where updating Header/Footer/Body Script Settings lacks CSRF protection. Exploitation could allow an attacker to force logged-in admins to perform these updates via CSRF. Public sources in connected docs confirm t...

CVSS 4.3 | AI score 7 | EPSS 0.00451
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/04/09 12:0 a.m. | 1 views

WordPress plugin Spoiler Block cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 7.1 | AI score 7.2 | EPSS 0.00223
Exploits: 0 | References: 1

Patchstack
added 2025/04/07 2:8 p.m. | 6 views

WordPress Spider Elements – Addons for Elementor plugin <= 1.6.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Spider Elements versions <= 1.6.6...

CVSS 6.4 | AI score 8.4 | EPSS 0.00099
Exploits: 0 | Affected Software: 1

CVE
added 2025/04/04 3:59 p.m. | 54 views

CVE-2025-32267

Technical details about CVE-2025-32267 are not provided in the connected documents. Public info is high‑level (CSRF in the WordPress plugin wp-to-hootsuite up to version 1.5.8). Monitor official advisories for impacted versions, impact, and remediation.

CVSS 4.3 | AI score 7.2 | EPSS 0.00409
Exploits: 0 | References: 1

CVE
added 2025/04/04 3:58 p.m. | 48 views

CVE-2025-32127

CVE-2025-32127 concerns an SQL Injection in onOffice for WP-Websites (WordPress plugin) where improper neutralization of special elements in SQL commands is reported. Affected version range is onOffice for WP-Websites: from n/a through 5.7. The provided material cites a base score of 7.6 (HIGH) w...

CVSS 7.6 | AI score 7.3 | EPSS 0.00679
Exploits: 0 | References: 1

CVE
added 2025/04/04 3:58 p.m. | 58 views

CVE-2025-32124

CVE-2025-32124 corresponds to a SQL Injection issue in the WordPress plugin Behance Portfolio Manager. Connected documents confirm that versions up to 1.7.4 are affected and that the vulnerability is an authenticated SQL Injection (Contributor+ required). The root cause is improper handling of in...

CVSS 7.6 | AI score 7.3 | EPSS 0.005
Exploits: 0 | References: 1

Patchstack
added 2025/04/04 1:30 p.m. | 5 views

WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Ngô Thiên An ancorn from VNPT-VCI in WordPress Plugin Ecwid Shopping Cart versions <= 7.0...

CVSS 6.5 | AI score 6.9 | EPSS 0.00883
Exploits: 0 | Affected Software: 1

CNNVD
added 2025/04/04 12:0 a.m. | 1 views

WordPress plugin Catch Dark Mode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.5 | AI score 7.8 | EPSS 0.01219
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/02 1:31 p.m. | 5 views

CVE-2025-31586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Gallery – Photo Albums Plugin easy-media-gallery allows Stored XSS. This issue affects Gallery – Photo Albums Plugin: from n/a through <= 1.3.170...

CVSS 6.5 | AI score 7.2 | EPSS 0.00174
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 8:58 p.m. | 13 views

CVE-2025-31078 WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS. This issue affects Small Package Quotes – Worldwide Express Edition: from n/...

CVSS 7.1 | EPSS 0.00093
Exploits: 0 | References: 1

Patchstack
added 2025/04/01 4:1 p.m. | 4 views

WordPress ACF City Selector plugin <= 1.17.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Abdi Pranata in WordPress Plugin ACF City Selector versions <= 1.17.0...

CVSS 5.3 | AI score 8.4 | EPSS 0.00626
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2025/04/01 2:52 p.m. | 11 views

CVE-2025-31908 WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1...

CVSS 7.1 | AI score 7 | EPSS 0.00188
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 2:51 p.m. | 8 views

CVE-2025-31822 WordPress WordPress Simple HTML Sitemap plugin <= 3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5...

CVSS 5.3 | EPSS 0.00466
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 2:51 p.m. | 10 views

CVE-2025-31796 WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through <= 1.0.8.9...

CVSS 5.4 | EPSS 0.00586
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/01 2:51 p.m. | 4 views

CVE-2025-31738 WordPress LeadQuizzes Plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yazamodeveloper LeadQuizzes allows Stored XSS. This issue affects LeadQuizzes: from n/a through 1.1.0...

CVSS 6.5 | AI score 6.9 | EPSS 0.00883
Exploits: 0 | References: 1