WordPress plugin mLanguage Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2025-32614 WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4...
WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wallet System for WooCommerce versions <= 2.6.8...
CVE-2025-31411 WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal. This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12...
CVE-2025-32275 WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through <= 5.1.6.3...
CVE-2025-32230 WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor. This issue affects Tutor LMS: from n/a through <= 3.4.0...
CVE-2025-31032 WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through <= 2.7.1...
CVE-2025-31036 WordPress WPSolr plugin <= 24.0 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation. This issue affects WPSolr: from n/a through <= 24.0...
CVE-2025-32477 WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through 0.41...
CVE-2025-32518 WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1...
CVE-2025-32547 WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through <= 1.5.3...
CVE-2025-32624 WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5...
CVE-2025-32669
CVE-2025-32669 describes a CSRF-to-Stored XSS in the WordPress plugin set “Mergado Pack.” The connected documents confirm the impact is stored XSS triggered via CSRF and that affected software is Mergado Pack up to version 4.1.1. Technical details in the connected sources identify the vulnerabil...
CVE-2024-6857
CVE-2024-6857 concerns the WP MultiTasking WordPress plugin (versions <= 0.1.12) where updating Header/Footer/Body Script Settings lacks CSRF protection. Exploitation could allow an attacker to force logged-in admins to perform these updates via CSRF. Public sources in connected docs confirm t...
WordPress plugin Spoiler Block Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Spider Elements – Addons for Elementor plugin <= 1.6.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Spider Elements versions <= 1.6.6...
CVE-2025-32267
Technical details about CVE-2025-32267 are not provided in the connected documents. Public info is high‑level (CSRF in the WordPress plugin wp-to-hootsuite up to version 1.5.8). Monitor official advisories for impacted versions, impact, and remediation.
CVE-2025-32127
CVE-2025-32127 concerns an SQL Injection in onOffice for WP-Websites (WordPress plugin) where improper neutralization of special elements in SQL commands is reported. Affected version range is onOffice for WP-Websites: from n/a through 5.7. The provided material cites a base score of 7.6 (HIGH) w...
CVE-2025-32124
CVE-2025-32124 corresponds to a SQL Injection issue in the WordPress plugin Behance Portfolio Manager. Connected documents confirm that versions up to 1.7.4 are affected and that the vulnerability is an authenticated SQL Injection (Contributor+ required). The root cause is improper handling of in...
WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ngô Thiên An ancorn from VNPT-VCI in WordPress Plugin Ecwid Shopping Cart versions <= 7.0...