554 matches found
PT-2025-17486
Name of the Vulnerable Software and Affected Versions: Front End Users WordPress plugin versions 3.2.32 and earlier. Description: The issue is related to a Reflected Cross-Site Scripting problem, where the Front End Users WordPress plugin does not properly sanitise and escape a parameter before...
WordPress AFI plugin < 1.100.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Advanced Form Integration versions < 1.100.0...
WordPress User Registration & Membership Pro plugin <= 5.1.3 - Cross-Site Request Forgery to User Deletion vulnerability
Cross-Site Request Forgery to User Deletion vulnerability discovered by wesley wcraft in WordPress Plugin User Registration & Membership Pro versions <= 5.1.3...
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetElements For Elementor versions <= 2.7.4.1...
CVE-2025-3487
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by astra.r3verii in WordPress Plugin WPCOM Member versions <= 1.7.7...
WordPress Eventin plugin <= 4.0.25 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by theviper17 in WordPress Plugin Eventin versions <= 4.0.25...
CVE-2025-26996 WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through <= 2.3.0.1...
WordPress WP_DEBUG Toggle plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin WP_DEBUG Toggle versions <= 1.1...
CVE-2025-3422
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Easy Poll versions <= 2.2.9...
CVE-2025-32525 WordPress Interactive Geo Maps plugin <= 1.6.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS. This issue affects Interactive Geo Maps: from n/a through <= 1.6.24...
CVE-2025-3433
The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to...
WordPress More Mime Type Filters plugin <= 0.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin More Mime Type Filters versions <= 0.3...
CVE-2025-32498
CVE-2025-32498 (VKontakte Cross-Post) describes a CSRF-to-Stored XSS in VKontakte Cross-Post up to version 0.3.2. The CVSS 3.1 base score is 7.1 (HIGH). Affected: VKontakte Cross-Post plugin; root cause: CSRF enables stored XSS. Remediation: upgrade to version 0.3.2 or apply provided fix (no othe...
WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider And Showcase Pro versions <= 2.3.15...
WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Review Stream versions <= 1.6.7...
WordPress Advanced Advertising System plugin <= 1.3.1 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Gabriele Zuddas in WordPress Plugin Advanced Advertising System versions <= 1.3.1...
WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika in WordPress Plugin Internal Link Optimiser versions <= 5.1.2...
CVE-2025-32226
Technical details for CVE-2025-32226 are not provided in the supplied documents; no root-cause, affected versions beyond