Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)

by

📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond.  

Last week, there were 340 vulnerabilities disclosed in 303 WordPress Plugins and 8 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 67 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to implement layered security, aligning with our overarching mission to secure WordPress with defense in depth strategies. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 25,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 79
Unpatched 261

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 3
Medium Severity 264
High Severity 49
Critical Severity 24

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 121
Cross-Site Request Forgery (CSRF) 86
Missing Authorization 32
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 25
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 21
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 9
Deserialization of Untrusted Data 7
Exposure of Sensitive Information to an Unauthorized Actor 7
Unrestricted Upload of File with Dangerous Type 7
Server-Side Request Forgery (SSRF) 6
Authorization Bypass Through User-Controlled Key 3
Improper Control of Generation of Code (‘Code Injection’) 3
URL Redirection to Untrusted Site (‘Open Redirect’) 3
External Control of File Name or Path 2
Improper Authorization 2
Improper Privilege Management 2
Authentication Bypass Using an Alternate Path or Channel 1
Dependency on Vulnerable Third-Party Component 1
Improper Input Validation 1
Incorrect Comparison 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
31
28
26
26
16
12
12
10
10
9
9
9
8
8
8
8
6
6
5
5
5
5
5
5
4
4
4
4
4
3
3

Gab
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
3DPrint Lite 3dprint-lite
5sterrenspecialist 5-sterrenspecialist
AAWP Obfuscator aawp-obfuscator
ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway
Accept SagePay Payments Using Contact Form 7 accept-sagepay-payments-using-contact-form-7
Accessibility Suite by Ability, Inc online-accessibility
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid accordions
Accredible Certificates & Open Badges accredible-certificates
Activity Reactions For Buddypress activity-reactions-for-buddypress
Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce
Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce
Admin Menu Post List admin-menu-post-list
Advance WP Query Search Filter advance-wp-query-search-filter
Advanced Advertising System advanced-advertising-system
Advanced Contact form 7 DB advanced-cf7-db
Advanced Custom Fields: Link Picker Field acf-link-picker-field
Advanced Tag Lists advanced-tag-list
AF Tell a Friend af-tell-a-friend
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management affiliate-links
Age Gate age-gate
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help seo-help
ALD Login Page ald-login-page
All push notification for WP all-push-notification
Ally – Web Accessibility & Usability pojo-accessibility
Anant Addons for Elementor anant-addons-for-elementor
AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager
Arconix FAQ arconix-faq
Aria Font aria-font
Asgaros Forum asgaros-forum
AT Internet SmartTag at-internet
Automatic Ban IP automatic-ban-ip
AWSA Shipping – Advanced Shipping for Woocommerce and Dokan awsa-shipping
azurecurve Shortcodes in Comments azurecurve-shortcodes-in-comments
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment booking-and-rental-manager-for-woocommerce
BP Social Connect bp-social-connect
Brizy Pro brizy-pro
Broadstreet broadstreet
Buddypress Humanity buddypress-humanity
Build App Online build-app-online
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™ sync-wc-google
C9 Blocks c9-blocks
Canonical Attachments canonical-attachments
CardGate Payments for WooCommerce cardgate
Cart66 Cloud :: WordPress Ecommerce The Easy Way cart66-cloud
CG Scroll To Top cg-scroll-to-top
Chat2 chat2
ChillPay WooCommerce chillpay-payment-gateway
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer clearfy
Click & Pledge Connect Plugin click-pledge-connect
Clinked Client Portal clinked-client-portal
CM Registration – Tailored tool for seamless login and invitation-based registrations cm-invitation-codes
Codescar Radio Widget codescar-radio-widget
Coming Soon Countdown coming-soon-countdown
Coming Soon, Maintenance Mode & Under Construction Page Builder by Site Mode site-mode
Comment Validation Reloaded comment-validation-reloaded
Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface
Cool Flipbox – Shortcode & Gutenberg Block flip-boxes
coreActivity: Activity Logging for WordPress coreactivity
Cost Calculator Builder cost-calculator-builder
Credova Financial credova-financial
Crowdfunding for WooCommerce crowdfunding-for-woocommerce
Custom Posts Order custom-posts-order
Custom Smilies custom-smilies
Customize Login Page customize-login-page
Czater.pl – live chat i telefon czater
Database Toolset database-toolset
DeBounce Email Validator debounce-io-email-validator
Deliver via Shipos for WooCommerce wc-shipos-delivery
Developer Toolbar developer-toolbar
Doppler Forms doppler-form
DSGVO Youtube dsgvo-youtube
Duplicate Title Checker duplicate-title-checker
Easy custom css by webriti easy-custom-css
Easy Post Duplicator easy-post-duplicator
Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress plugins-on-steroids
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin eazydocs
Embedder embedder
EmpikPlace for Woocommerce empik-for-woocommerce
ePaper Lister for Yumpu magazine-lister-for-yumpu
Epeken All Kurir Plugin for Woocommerce Full Version epeken-all-kurir
Error Log Viewer By WP Guru error-log-viewer-wp
Essential Breadcrumbs essential-breadcrumbs
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin mage-eventpress
EventON – Events Calendar eventon-lite
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress everest-forms
FAT Cooming Soon fat-coming-soon
FireDrum Email Marketing firedrum-email-marketing
Flags Widget flags-widget
Flexi – Guest Submit flexi
Flo Forms – Easy Drag & Drop Form Builder flo-forms
Foliopress WYSIWYG foliopress-wysiwyg
FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce
FrescoChat Live Chat flexytalk-widget
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] fs-poster
GB Gallery Slideshow gb-gallery-slideshow
Global Gallery – WordPress Responsive Gallery global-gallery
GreenPay(tm) by Green.Money green-money-payment-gateway
Hamburger Icon Menu Lite hamburger-icon-menu-lite
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress hive-support
HTML5 Video Player with Playlist html5-video-player-with-playlist
iCal Feeds ical-feeds
IDonate – Blood Donation, Request And Donor Management System idonate
Import any XML, CSV or Excel File to WordPress wp-all-import
IndieBlocks indieblocks
InPost Gallery inpost-gallery
Insert HTML Here insert-html-here
Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
Interactive US Map interactive-us-map
iONE360 configurator ione360-configurator
IP2Location World Clock ip2location-world-clock
JetBlog for Elementor jet-blog
JetCompareWishlist for Elementor jet-compare-wishlist
JetEngine jet-engine
Job Board Manager job-board-manager
JS Job Manager js-jobs
Kargo Entegratör – WooCommerce Kargo Entegrasyon Eklentisi kargo-entegrator
KeyCAPTCHA – Social WordPress CAPTCHA keycaptcha
Language Field language-field
License For Envato license-envato
License Manager for WooCommerce license-manager-for-woocommerce
Linet ERP-Woocommerce Integration Plugin linet-erp-woocommerce-integration
Link Shield link-shield
Listings for Buildium listings-for-buildium
Local google fonts, host google fonts locally by Easyfonts easyfonts
Lock Your Updates Plugins/Themes Manager lock-your-updates
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid logo-showcase-ultimate
Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce
MapGeo – Interactive Geo Maps interactive-geo-maps
MapSVG – Vector maps, Image maps, Google Maps mapsvg-lite-interactive-vector-maps
Material Dashboard material-dashboard
MelaPress Login Security melapress-login-security
MelaPress Login Security Premium melapress-login-security-premium
Melhor Envio melhor-envio-cotacao
Mergado Pack mergado-marketing-pack
MMX – Make Me Christmas mmx-make-me-christmas
Mobile Blocks mobile-pages
Mobile Smart mobile-smart
More Mime Type Filters more-mime-type-filters
Motors – Car Dealership & Classified Listings Plugin motors-car-dealership-classified-listings
MSRP (RRP) Pricing for WooCommerce msrp-for-woocommerce
MultiMailer scand-multi-mailer
Multiple Location Google Map multiple-location-google-map
Nav Menu Manager noakes-menu-manager
Nearby Locations nearby-locations
Neon Product Designer neon-product-designer-for-woocommerce
Nepali Date Converter nepali-date-converter
Nepali Date Utilities nepali-date-utilities
NewsBoard Post and RSS Scroller newsboard
Nimbata Call Tracking nimbata-call-tracking
Nino Social Connect nino-social-connect
Oppso Unit Converter oppso-unit-converter
ORDER POST order-post
OttoKit: All-in-One Automation Platform (Formerly SureTriggers) suretriggers
Oxygen MyData for WooCommerce oxygen-mydata
Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams ppv-live-webcams
Payment Forms for Paystack payment-forms-for-paystack
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Piotnet Forms piotnetforms
PlainInventory – Inventory Management Plugin z-inventory-manager
Popping Content Light popping-content-light
PowerPress Podcasting plugin by Blubrry powerpress
Print Science Designer print-science-designer
Processing Projects processing-projects
Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit
QR Master qr-master
Question Answer question-answer
Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics
Raptive Ads adthrive-ads
Ray Enterprise Translation lingotek-translation
Real Estate Manager – Property Listing and Agent Management real-estate-manager
Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider testimonial-free
reCAPTCHA Jetpack recaptcha-jetpack
Related Videos for JW Player related-videos-for-jw-player
RentSyst – CRM solution for fleet management rentsyst
Request Call Back request-call-back
Restrict User Registration restrict-user-registration
RestroPress – Online Food Ordering System restropress
Revamp CRM for WooCommerce revampcrm-woocommerce
REVE Chat – AI-powered Chatbot & Live Chat Plugin for WordPress revechat
Review Stars Count For WooCommerce review-stars-count-for-woocommerce
Review Stream review-stream
Rich Table of Contents rich-table-of-content
Royal Elementor Addons and Templates royal-elementor-addons
RS Elements Elementor Addon rselements-lite
Sandwich Adsense firsth3tagadsense
Scheduled scheduled
Script Compressor script-compressor
Seo Meta Tags seo-meta-tags
SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam
SERPed.net serped-net
Service Booking & Scheduling Solution | All-in-one Booking Systems service-booking-manager
Shipping by Weight for WooCommerce dn-shipping-by-weight
Shop Products Filter trusty-woo-products-filter
Silvasoft boekhouden silvasoft-boekhouden
Simple Post Meta Manager simple-post-meta-manager
Simple Spoiler simple-spoiler
Simple WP Events simple-wp-events
Site Notify site-notify
Site Table of Contents site-table-of-contents
SKT Blocks – Gutenberg based Page Builder skt-blocks
SKT Skill Bar skt-skill-bar
Smart Product Gallery Slider smart-product-gallery-slider
SMTP for Amazon SES – YaySMTP smtp-amazon-ses
Social Bookmarking RELOADED social-bookmarking-reloaded
Social Crowd social-crowd
Solace Extra solace-extra
Spark GF Failed Submissions spark-gf-failed-submissions
Specia Companion specia-companion
Spider Elements – Crafted UX First Addons for Elementor spider-elements
Spoiler Block spoiler-block
Squeeze – Image Optimization & Compression, WebP Conversion squeeze
Stop Registration Spam stop-registration-spam
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers woocommerce-exporter
Survey Maker survey-maker
Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) swatchly
Sync Posts sync-posts
TableOn – WordPress Posts Table Filterable  posts-table-filterable
Task Scheduler task-scheduler
Team Circle Image Slider With Lightbox circle-image-slider-with-lightbox
Terminal Africa terminal-africa
Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro
The World the-world
Total processing card payments for WooCommerce totalprocessing-card-payments
Tournamatch tournamatch
Tutor LMS – eLearning and online course solution tutor
Twispay Credit Card Payments twispay
Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor
Ultimate WP Mail ultimate-wp-mail
Ultra Demo Importer ut-demo-importer
Uncanny Toolkit for LearnDash uncanny-learndash-toolkit
User Registration & Membership – Custom Registration Form, Login Form, and User Profile user-registration
User Registration Using Contact Form 7 user-registration-using-contact-form-7
User Session Synchronizer user-session-synchronizer
UXsniff AI-powered Heatmaps and Session Recordings ux-sniff
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks
Verowa Connect verowa-connect
Vice Versa vice-versa
Vite Coupon vite-coupon
VKontakte Cross-Post vkontakte-cross-post
Wallet System for WooCommerce wallet-system-for-woocommerce
Waymark waymark
Web2application Convert your website to android and IOS apps with push notifications , web push , free ajax products search for woocommerce and many more advanced features web2application
Wetterwarner wetterwarner
Widgetize Pages Light widgetize-pages-light
Windows Live Writer windows-live-writer
Wishlist wishlist
Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center
WooCommerce Estimate and Quote – Live Product Cost Estimation and Quotation system for WordPress wc-estimate-and-quote
WooCommerce Loyal Customers woocommerce-loyal-customer
WooCommerce Multilingual & Multicurrency with WPML woocommerce-multilingual
WooCommerce Pickupp wc-pickupp
WooCommerce Sales MIS Report woocommerce-mis-report
WooCommerce Sync for QuickBooks Online – by MyWorks myworks-woo-sync-for-quickbooks-online
WooCommerce TBC Credit Card Payment Gateway (Free) woo-tbc-payment-gateway
WooCommerce – Payphone Gateway wc-payphone-gateway
WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar
WordPress Health and Server Condition – Integrated with Google Page Speed wp-condition
WordPress Internal Link Optimiser internal-link-finder
WordPress Mega Menu – QuadMenu quadmenu
WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk
WordPress Spam Blocker | Stop Spam for Contact Form 7, WP Forms and Formidable Forms cf7-manual-spam-blocker
WordPress Webinar Plugin – WebinarPress wp-webinarsystem
Workbox Video from Vimeo & Youtube Plugin workbox-video-from-vimeo-youtube-plugin
WP Abstracts wp-abstracts-manuscripts-manager
WP AutoKeyword wp-autokeyword
WP Calais Auto Tagger calais-auto-tagger
WP Delete User Accounts wp-delete-user-accounts
WP Easy Poll wp-easy-poll-afo
WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd
WP Featured Screenshot wp-featured-screenshot
WP Food ordering and Restaurant Menu wp-food
WP Hide Categories wp-hide-categories
WP Inquiries wp-inquiries
WP Job Board wpjobboard
WP Map Route Planner wp-map-route-planner
WP Online Users Stats wp-online-users-stats
WP Performance Pack wp-performance-pack
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts wedevs-project-manager
WP Remote Thumbnail wp-remote-thumbnail
wp secure wp-secure-by-sitesecuritymonitorcom
WP SexyLightBox wp-sexylightbox
WP Show Stats wp-show-stats
WP Social Stream Designer social-stream-design
WP Subscription Forms – Subscription Form Plugin for WordPress wp-subscription-forms
WP Table Builder – WordPress Table Plugin wp-table-builder
WP User Profiles wp-user-profiles
WP w3all phpBB wp-w3all-phpbb-integration
WP-BusinessDirectory – Business directory plugin for WordPress wp-businessdirectory
WP-Easy Menu wp-easy-menu
WP-Hijri wp-hijri
WP-Planification – WP-Planning wp-planification
WPC Admin Columns wpc-admin-columns
WPFront User Role Editor wpfront-user-role-editor
WPshop 2 – E-Commerce wpshop
WPSmartContracts wp-smart-contracts
WPSolr – Local Search with AI, Hybrid or Keywords – Includes Related Posts Widgets wpsolr-free
WS Audio Player ws-audio-player
YouTube Embed youtube-embed
Z Companion z-companion
Zephyr Project Manager zephyr-project-manager
ZoomSounds – WordPress Wave Audio Player with Playlist dzs-zoomsounds

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Arkhe arkhe
Bulk bulk
customify-theme customify-theme
Industrial Lite industrial-lite
photography photography
SpaBiz spabiz
Streamit streamit
wireless-butler wireless-butler

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Build App Online <= 1.0.23 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32577
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Build App Online
Researcher
More Details >

Coming Soon, Maintenance Mode <= 1.1.1 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-26894
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Coming Soon, Maintenance Mode & Under Construction Page Builder by Site Mode
Researcher
More Details >

EventON <= 2.4 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32614
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
EventON – Events Calendar
Researcher
More Details >

Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 – Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-3439
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher
More Details >

FAT Cooming Soon <= 1.1 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32663
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
FAT Cooming Soon
Researcher
More Details >

Flexi – Guest Submit <= 4.28 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32589
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Flexi – Guest Submit
Researcher
More Details >

IDonate <= 2.1.8 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32519
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
IDonate – Blood Donation, Request And Donor Management System
Researcher
More Details >

InstaWP Connect <= 0.1.0.85 – Unauthenticated Local PHP File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-2636
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
InstaWP Connect – 1-click WP Staging & Migration
Researcher
More Details >

JS Job Manager <= 2.0.2 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32627
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
JS Job Manager
Researcher
More Details >

Motors <= 1.4.67 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32654
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher
More Details >

Paid Videochat Turnkey Site <= 7.3.11 – Authentication Bypass

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31380
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams
Researcher
More Details >

Ray Enterprise Translation <= 1.7.0 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31030
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Ray Enterprise Translation
Researcher
More Details >

Real Estate Manager <= 7.3 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32668
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Real Estate Manager – Property Listing and Agent Management
Researcher
More Details >

TableOn – WordPress Posts Table Filterable <= 1.0.4 – Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32569
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
TableOn – WordPress Posts Table Filterable 
Researcher
More Details >

Testimonial Slider And Showcase Pro <= 2.3.15 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32656
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Testimonial Slider And Showcase Pro
Researcher
More Details >

Ultimate Bootstrap Elements for Elementor <= 1.4.9 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32672
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Ultimate Bootstrap Elements for Elementor
Researcher
More Details >

WooCommerce Pickupp <= 2.4.0 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32587
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WooCommerce Pickupp
Researcher
More Details >

WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31015
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
WordPress SMTP Service, Email Delivery Solved! — MailHawk
Researcher
More Details >

WP Food ordering and Restaurant Menu <= 1.1 – Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-31040
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Food ordering and Restaurant Menu
Researcher
More Details >

WpBookingly <= 1.2.0 – Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2025-32607
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Service Booking & Scheduling Solution | All-in-one Booking Systems
Researcher
More Details >

Database Toolset <= 1.8.4 – Unauthenticated Arbitrary File Deletion

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32633
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Database Toolset
Researcher
More Details >

Oxygen MyData for WooCommerce <= 1.0.63 – Unauthenticated Arbitrary File Deletion

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32631
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Oxygen MyData for WooCommerce
Researcher
More Details >

Simple WP Events <= 1.8.17 – Unauthenticated Arbitrary File Deletion

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-2004
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Simple WP Events
Researcher
More Details >

WP-BusinessDirectory <= 3.1.2 – Unauthenticated Arbitrary File Deletion

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2025-32629
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP-BusinessDirectory – Business directory plugin for WordPress
Researcher
More Details >

Accessibility Suite by Online ADA <= 4.18 – Authenticated (Subscriber+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32215
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Accessibility Suite by Ability, Inc
Researcher
More Details >

Accordion <= 2.3.10 – Authenticated (Contributor+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32143
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid
Researcher
More Details >

Arkhe <= 3.11.0 – Cross-Site Request Forgery to Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-26748
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Arkhe
Researcher
More Details >

Booking and Rental Manager <= 2.2.8 – Authenticated (Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-27011
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment
Researcher
More Details >

Buddypress Humanity <= 1.2 – Cross-Site Request Forgery to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31033
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Buddypress Humanity
Researcher
More Details >

Embedder 1.3 – 1.3.5 – Authenticated (Subscriber+) Arbitrary Options Update

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3417
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Embedder
Researcher
More Details >

EmpikPlace for Woocommerce <= 1.4.3 – Authenticated (Subscriber+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32568
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
EmpikPlace for Woocommerce
Researcher
More Details >

Essential Breadcrumbs <= 1.1.1 – Cross-Site Request Forgery to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31038
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Essential Breadcrumbs
Researcher
More Details >

JetCompareWishlist <= 1.5.9 – Authenticated (Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-22279
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
JetCompareWishlist for Elementor
Researcher
More Details >

Job Board Manager <= 2.1.60 – Authenticated (Contributor+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32144
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Job Board Manager
Researcher
More Details >

Logo Showcase Ultimate <= 1.4.4 – Authenticated (Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32499
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid
Researcher
More Details >

Material Dashboard <= 1.4.5 – Authenticated (Subscriber+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31014
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Material Dashboard
Researcher
More Details >

Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2807
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher
More Details >

Rankology SEO – On-site SEO <= 2.2.3 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32491
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Rankology SEO – On-site SEO
Researcher
More Details >

Seo Meta Tags <= 1.4 – Cross-Site Request Forgery to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31023
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Seo Meta Tags
Researcher
More Details >

Shop Products Filter <= 1.2 – Authenticated (Subscriber+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32585
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Shop Products Filter
Researcher
More Details >

Solace Extra <= 1.3.1 – Authenticated (Subscriber+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32652
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Solace Extra
Researcher
More Details >

Streamit <= 4.0.2 – Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-2526
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Streamit
Researcher
More Details >

Sync Posts <= 1.0 – Authenticated (Subscriber+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32579
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Sync Posts
Researcher
More Details >

Ultra Demo Importer <= 1.0.5 – Cross-Site Request Forgery to Remote Code Execution

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32496
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Ultra Demo Importer
Researcher
More Details >

Vite Coupon <= 1.0.7 – Cross-Site Request Forgery to Remote Code Execution

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32642
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Vite Coupon
Researcher
More Details >

WP Remote Thumbnail <= 1.3.1 – Authenticated (Contributor+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32140
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
WP Remote Thumbnail
Researcher
More Details >

WP shop <= 2.6.0 – Cross-Site Request Forgery to Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32576
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WPshop 2 – E-Commerce
Researcher
More Details >

WP Subscription Forms <= 1.2.4 – Authenticated (Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32692
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
WP Subscription Forms – Subscription Form Plugin for WordPress
Researcher
More Details >

WP User Profiles <= 2.6.2 – Authenticated (Subscriber+) Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31524
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
WP User Profiles
Researcher
More Details >

WPC Admin Columns 2.0.6 – 2.1.0 – Authenticated (Subscriber+) Privilege Escalation via User Meta Update

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3418
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
WPC Admin Columns
Researcher
More Details >

WpEvently <= 4.3.6 – Authenticated (Contributor+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-32145
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Researcher
More Details >

WPFront User Role Editor <= 4.2.1 – Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-3064
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
WPFront User Role Editor
Researchers
More Details >

WPJobBoard < 5.11.1 – Cross-Site Request Forgery to Remote Code Execution

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-30967
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
WP Job Board
Researcher
More Details >

WPSolr <= 24.0 – Cross-Site Request Forgery to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2025-31036
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WPSolr – Local Search with AI, Hybrid or Keywords – Includes Related Posts Widgets
Researcher
More Details >

Nomupay Payment Processing Gateway <= 7.1.5 – Authenticated (Subscriber+) Arbitrary File Download

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-32209
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Total processing card payments for WooCommerce
Researcher
More Details >

SureTriggers <= 1.0.78 – Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2025-3102
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
OttoKit: All-in-One Automation Platform (Formerly SureTriggers)
Researcher
More Details >

Bulk Product Sync <= 8.6 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31599
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets™
Researcher
More Details >

Click & Pledge Connect Plugin <= 2.24080000-WP6.6.1 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32550
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Click & Pledge Connect Plugin
Researcher
More Details >

Neon Product Designer <= 2.1.1 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32565
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Neon Product Designer
Researcher
More Details >

Print Science Designer <= 1.3.155 – Unauthenticated Arbitrary File Download

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32671
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Print Science Designer
Researcher
More Details >

WP Online Users Stats <= 1.0.0 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-32603
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Online Users Stats
Researcher
More Details >

WPSmartContracts <= 2.0.10 – Unauthenticated SQL Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-31565
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WPSmartContracts
Researcher
More Details >

ZoomSounds – WordPress Wave Audio Player with Playlist <= 6.91 – Unauthenticated Arbitrary File Download

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2025-3431
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
ZoomSounds – WordPress Wave Audio Player with Playlist
Researcher
More Details >

azurecurve Shortcodes in Comments <= 2.0.2 – Unauthenticated Arbitrary Shortcode Execution

7.3
CVSS Rating
High (7.3)
CVE-ID
CVE-2025-2809
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
azurecurve Shortcodes in Comments
Researcher
More Details >

ORDER POST <= 2.0.2 – Unauthenticated Arbitrary Shortcode Execution

7.3
CVSS Rating
High (7.3)
CVE-ID
CVE-2025-2805
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
ORDER POST
Researcher
More Details >

Canonical Attachments <= 1.7 – Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32543
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Canonical Attachments
Researcher
More Details >

IndieBlocks <= 0.13.1 – Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31009
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
IndieBlocks
Researcher
More Details >

Insert or Embed Articulate Content into WordPress <= 4.3000000025 – Authenticated (Editor+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32202
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Insert or Embed Articulate Content into WordPress
Researcher
More Details >

Linet ERP-Woocommerce Integration <= 3.5.12 – Authenticated (Admin+) Arbitrary File Read & Deletion

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31411
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Linet ERP-Woocommerce Integration Plugin
Researcher
More Details >

Photography <= 7.5.2 – Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-30964
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
photography
Researcher
More Details >

Processing Projects <= 1.0.2 – Authenticated (Shop Manager+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-32206
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Processing Projects
Researcher
More Details >

SMTP for Amazon SES – YaySMTP <= 1.8 – Unauthenticated Stored Cross-Site Scripting via Email Logs

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-3434
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
SMTP for Amazon SES – YaySMTP
Researcher
More Details >

Squeeze <= 1.6 – Authenticated (Admin+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2025-31002
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Squeeze – Image Optimization & Compression, WebP Conversion
Researcher
More Details >

Accessibility Suite by Online ADA <= 4.18 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32650
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Accessibility Suite by Ability, Inc
Researcher
More Details >

coreActivity: Activity Logging for WordPress <= 2.7 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-3436
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
coreActivity: Activity Logging for WordPress
Researcher
More Details >

Cost Calculator Builder <= 3.2.67 – Authenticated (Subscriber+) SQL Injection via order_ids Parameter

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2128
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Cost Calculator Builder
Researcher
More Details >

Duplicate Title Checker <= 1.2 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32558
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Duplicate Title Checker
Researcher
More Details >

Easy Post Duplicator <= 1.0.1 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32567
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Easy Post Duplicator
Researcher
More Details >

Error Log Viewer <= 1.0.5 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32681
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Error Log Viewer By WP Guru
Researcher
More Details >

Review Stars Count For WooCommerce <= 2.0 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32687
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Review Stars Count For WooCommerce
Researcher
More Details >

Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 – 1.4.0 – Missing Authorization to Authenticated (Subscriber+) Limited Options Update

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-2719
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)
Researcher
More Details >

Wishlist <= 1.0.44 – Authenticated (Subscriber+) SQL Injection

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2025-32618
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Wishlist
Researcher
More Details >

AAWEP Obfuscator <= 1.0 – Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3432
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
AAWP Obfuscator
Researcher
More Details >

Additional Custom Product Tabs for WooCommerce <= 1.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26749
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Additional Custom Product Tabs for WooCommerce
Researcher
More Details >

Broadstreet <= 1.51.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32211
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Broadstreet
Researcher
More Details >

C9 Blocks <= 1.7.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26951
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
C9 Blocks
Researcher
Gab
More Details >

DSGVO Youtube <= 1.5.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26982
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
DSGVO Youtube
Researcher
More Details >

Hive Support <= 1.2.2 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32214
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher
More Details >

JetBlog <= 2.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26744
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
JetBlog for Elementor
Researcher
More Details >

JetEngine <= 3.6.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26870
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
JetEngine
Researcher
More Details >

MapSVG Lite <= 8.5.34 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32683
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MapSVG – Vector maps, Image maps, Google Maps
Researcher
More Details >

Nav Menu Manager <= 3.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31017
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Nav Menu Manager
Researcher
More Details >

Nepali Date Converter <= 2.0.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26950
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Nepali Date Converter
Researcher
More Details >

Payment Forms for Paystack <= 4.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10894
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Payment Forms for Paystack
Researcher
More Details >

PowerPress Podcasting <= 11.12.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32690
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
PowerPress Podcasting plugin by Blubrry
Researcher
More Details >

Real Testimonials <= 3.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22269
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.7.1012 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1455
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.7.1012 – Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-1456
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

RS Elements Elementor Addon <= 1.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26745
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
RS Elements Elementor Addon
Researcher
Gab
More Details >

Simple Spoiler <= 1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-31020
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Simple Spoiler
Researcher
More Details >

SKT Blocks – Gutenberg based Page Builder <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26998
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher
More Details >

SKT Blocks – Gutenberg based Page Builder <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3276
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
SKT Blocks – Gutenberg based Page Builder
Researcher
More Details >

SKT Skill Bar <= 2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26880
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
SKT Skill Bar
Researcher
More Details >

SpaBiz <= 1.0.18 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26740
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
SpaBiz
Researcher
More Details >

Uncanny Toolkit for LearnDash <= 3.7.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-22268
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Uncanny Toolkit for LearnDash
Researcher
More Details >

Waymark <= 1.5.2 – Authenticated (Contributor+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32487
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Waymark
Researcher
More Details >

Waymark <= 1.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-32495
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Waymark
Researcher
More Details >

WP Delete User Accounts <= 1.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-26906
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
WP Delete User Accounts
Researcher
More Details >

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 – Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-3100
Patch Status
Patched
Published
Apr 8, 2025
Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher
More Details >

WP Project Manager <= 2.6.22 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2541
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher
More Details >

Z Companion <= 1.1.1 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2025-2575
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Z Companion
Researcher
More Details >

5sterrenspecialist <= 1.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32114
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
5sterrenspecialist
Researcher
More Details >

ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32586
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
ABA PayWay Payment Gateway for WooCommerce
Researcher
More Details >

Activity Reactions For Buddypress <= 1.0.22 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31006
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Activity Reactions For Buddypress
Researcher
More Details >

Advance WP Query Search Filter <= 1.0.10 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26743
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Advance WP Query Search Filter
Researcher
More Details >

Advanced Advertising System <= 1.3.1 – Open Redirect

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3433
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Advanced Advertising System
Researcher
More Details >

Advanced Custom Fields: Link Picker Field <= 1.2.8 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26746
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Advanced Custom Fields: Link Picker Field
Researcher
More Details >

Advanced Tag Lists <= 1.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32476
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Advanced Tag Lists
Researcher
More Details >

AF Tell a Friend <= 1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31404
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
AF Tell a Friend
Researcher
More Details >

Affiliate Links Lite <= 3.1.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32639
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management
Researcher
More Details >

ALD Login Page <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32518
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
ALD Login Page
Researcher
More Details >

Arconix FAQ <= 1.9.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32531
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Arconix FAQ
Researcher
More Details >

AT Internet SmartTag <= 0.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32506
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
AT Internet SmartTag
Researcher
More Details >

Automatic Ban IP <= 1.0.7 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32632
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Automatic Ban IP
Researcher
More Details >

AWSA Shipping <= 1.3.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32604
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
AWSA Shipping – Advanced Shipping for Woocommerce and Dokan
Researcher
More Details >

Cart66 Cloud <= 2.3.7 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32653
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Cart66 Cloud :: WordPress Ecommerce The Easy Way
Researcher
More Details >

CG Scroll To Top <= 3.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31399
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
CG Scroll To Top
Researcher
More Details >

ChillPay WooCommerce <= 2.5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32570
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
ChillPay WooCommerce
Researcher
More Details >

Clinked Client Portal <= 1.10 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32615
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Clinked Client Portal
Researcher
More Details >

Codescar Radio Widget <= 0.4.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32500
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Codescar Radio Widget
Researcher
More Details >

Coming Soon Countdown <= 2.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32578
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Coming Soon Countdown
Researcher
More Details >

Comment Validation Reloaded <= 0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31026
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Comment Validation Reloaded
Researcher
More Details >

Connector to CiviCRM with CiviMcRestFace <= 1.0.9 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32551
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Connector to CiviCRM with CiviMcRestFace
Researcher
More Details >

Cool Flipbox – Shortcode & Gutenberg Block <= 1.8.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32521
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Cool Flipbox – Shortcode & Gutenberg Block
Researcher
More Details >

Credova_Financial <= 2.4.8 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32588
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Credova Financial
Researcher
More Details >

Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32584
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Chat2
Researcher
More Details >

Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32482
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Custom Smilies
Researcher
More Details >

Crowdfunding for WooCommerce <= 3.1.12 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32628
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Crowdfunding for WooCommerce
Researcher
More Details >

Custom Posts Order <= 4.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32645
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Custom Posts Order
Researcher
More Details >

Czater.pl – live chat i telefon <= 1.0.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32624
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Czater.pl – live chat i telefon
Researcher
More Details >

DeBounce Email Validator <= 5.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32580
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
DeBounce Email Validator
Researcher
More Details >

Deliver via Shipos for WooCommerce <= 2.1.7 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32533
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Deliver via Shipos for WooCommerce
Researcher
More Details >

DN Shipping by Weight for WooCommerce <= 1.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32535
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Shipping by Weight for WooCommerce
Researcher
More Details >

Doppler Forms <= 2.4.5 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32667
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Doppler Forms
Researcher
More Details >

Easy Custom CSS <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31395
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Easy custom css by webriti
Researcher
More Details >

Easy Post Duplicator <= 1.0.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32538
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Easy Post Duplicator
Researcher
More Details >

ePaper Lister for Yumpu <= 1.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32502
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
ePaper Lister for Yumpu
Researcher
More Details >

Epeken All Kurir <= 1.4.6.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32673
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Epeken All Kurir Plugin for Woocommerce Full Version
Researcher
More Details >

Everest Forms <= 3.1.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-3421
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher
More Details >

FireDrum Email Marketing <= 1.64 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31018
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
FireDrum Email Marketing
Researcher
More Details >

Flags Widget <= 1.0.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32479
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Flags Widget
Researcher
More Details >

Foliopress WYSIWYG <= 2.6.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32610
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Foliopress WYSIWYG
Researcher
More Details >

FraudLabs Pro for WooCommerce <= 2.22.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32659
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
FraudLabs Pro for WooCommerce
Researcher
More Details >

FrescoChat Live Chat <= 3.2.6 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31383
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
FrescoChat Live Chat
Researcher
More Details >

FS Poster <= 6.5.8 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-30962
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]
Researcher
More Details >

GB Gallery Slideshow <= 1.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32649
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
GB Gallery Slideshow
Researcher
More Details >

Global Gallery <= 8.8.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-22263
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Global Gallery – WordPress Responsive Gallery
Researcher
More Details >

Hamburger Icon Menu Lite <= 1.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32548
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Hamburger Icon Menu Lite
Researcher
More Details >

HTML5 Video Player with Playlist <= 2.50 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32536
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
HTML5 Video Player with Playlist
Researcher
More Details >

iCal Feeds <= 1.5.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32528
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
iCal Feeds
Researcher
More Details >

Insert HTML Here <= 1.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31379
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Insert HTML Here
Researcher
More Details >

Interactive Geo Maps <= 1.6.24 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32525
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MapGeo – Interactive Geo Maps
Researcher
More Details >

Interactive US Map <= 2.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32661
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Interactive US Map
Researcher
More Details >

iONE360 configurator <= 2.0.56 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32529
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
iONE360 configurator
Researcher(s): Unknown
More Details >

IP2Location World Clock <= 1.1.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32644
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
IP2Location World Clock
Researcher
More Details >

KeyCAPTCHA <= 2.5.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32619
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
KeyCAPTCHA – Social WordPress CAPTCHA
Researcher
More Details >

Language Field <= 0.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31382
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Language Field
Researcher
More Details >

License For Envato <= 1.0.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32566
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
License For Envato
Researcher
More Details >

License Manager for WooCommerce <= 3.0.9 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32522
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
License Manager for WooCommerce
Researcher
More Details >

Link Shield <= 0.5.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32503
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Link Shield
Researcher
More Details >

Listings for Buildium <= 0.1.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32606
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Listings for Buildium
Researcher
More Details >

Lock Your Updates <= 1.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32537
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Lock Your Updates Plugins/Themes Manager
Researcher
More Details >

Make Email Customizer for WooCommerce <= 1.0.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32511
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Make Email Customizer for WooCommerce
Researcher
More Details >

Mergado Pack <= 4.1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32669
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Mergado Pack
Researcher
More Details >

MMX – Make Me Christmas <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31401
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MMX – Make Me Christmas
Researcher
More Details >

Mobile Pages <= 1.0.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32625
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Mobile Blocks
Researcher
More Details >

Mobile Smart <= v1.3.16 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31021
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Mobile Smart
Researcher
More Details >

More Mime Type Filters <= 0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31394
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
More Mime Type Filters
Researcher
More Details >

MSRP (RRP) Pricing for WooCommerce <= 1.8.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32552
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
MSRP (RRP) Pricing for WooCommerce
Researcher
More Details >

MultiMailer <= 1.0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32505
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MultiMailer
Researcher
More Details >

MultiMailer <= 1.0.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32517
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MultiMailer
Researcher
More Details >

Multiple Location Google Map <= 1.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32617
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Multiple Location Google Map
Researcher
More Details >

MyWorks WooCommerce Sync for QuickBooks Online <= 2.9.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32524
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
WooCommerce Sync for QuickBooks Online – by MyWorks
Researcher
More Details >

Nepali Date Utilities <= 1.0.13 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32664
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Nepali Date Utilities
Researcher
More Details >

NewsBoard Post and RSS Scroller <= 1.2.12 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31402
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
NewsBoard Post and RSS Scroller
Researcher
More Details >

Nimbata Call Tracking <= 1.7.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32616
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Nimbata Call Tracking
Researcher
More Details >

Nino Social Connect <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32481
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Nino Social Connect
Researcher
More Details >

Oppso Unit Converter <= 1.1.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31378
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Oppso Unit Converter
Researcher
More Details >

Pagopar – WooCommerce Gateway <= 2.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31032
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Pagopar – WooCommerce Gateway
Researcher
More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via ‘image_id’ Parameter

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-2269
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher
More Details >

PlainInventory <= 3.1.9 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32623
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
PlainInventory – Inventory Management Plugin
Researcher
More Details >

Popping Content Light <= 2.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32115
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Popping Content Light
Researcher
More Details >

Product Excel Import Export & Bulk Edit for WooCommerce <= 4.7 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32674
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Product Excel Import Export & Bulk Edit for WooCommerce
Researcher
More Details >

QR Master <= 1.0.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32116
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
QR Master
Researcher
More Details >

Question Answer <= 1.2.70 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32646
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Question Answer
Researcher
More Details >

Raptive Ads <= 3.7.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32554
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Raptive Ads
Researcher
More Details >

Related Videos for JW Player <= 1.2.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32516
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Related Videos for JW Player
Researcher
More Details >

RentSyst <= 2.0.72 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32501
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
RentSyst – CRM solution for fleet management
Researcher
More Details >

Restrict User Registration <= 1.0.1 Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32655
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Restrict User Registration
Researcher
More Details >

RestroPress <= 3.1.8.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32553
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
RestroPress – Online Food Ordering System
Researcher
More Details >

Revamp CRM for WooCommerce <= 1.1.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32512
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Revamp CRM for WooCommerce
Researcher
More Details >

REVE Chat <= 6.2.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32559
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
REVE Chat – AI-powered Chatbot & Live Chat Plugin for WordPress
Researcher
More Details >

Scheduled <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31375
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Scheduled
Researcher
More Details >

Script Compressor <= 1.7.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31391
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Script Compressor
Researcher
More Details >

SEO, Nutrition and Print for Recipes by Edamam <= 3.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32555
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
SEO, Nutrition and Print for Recipes by Edamam
Researcher
More Details >

SERPed.net <= 4.6 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32651
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
SERPed.net
Researcher
More Details >

Silvasoft boekhouden <= 3.0.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32504
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Silvasoft boekhouden
Researcher
More Details >

Simple Post Meta Manager <= 1.0.9 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32556
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Simple Post Meta Manager
Researcher
More Details >

Site Table of Contents <= 0.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31385
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Site Table of Contents
Researcher
More Details >

Smart Product Gallery Slider <= 1.0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31392
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Smart Product Gallery Slider
Researcher
More Details >

Social Bookmarking RELOADED <= 3.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31393
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Social Bookmarking RELOADED
Researcher
More Details >

Social Crowd <= 0.9.6.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31390
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Social Crowd
Researcher
More Details >

Spark GF Failed Submissions <= 1.3.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32670
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Spark GF Failed Submissions
Researcher
More Details >

Spoiler Block <= 1.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32497
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Spoiler Block
Researcher
More Details >

Stop Registration Spam <= 1.24 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32564
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Stop Registration Spam
Researcher
More Details >

Task Scheduler <= 1.6.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32599
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Task Scheduler
Researcher
More Details >

Terminal Africa <= 1.13.17 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32515
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Terminal Africa
Researcher
More Details >

The World <= 0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31388
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
The World
Researcher
More Details >

Tournamatch <= 4.6.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32600
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Tournamatch
Researcher
More Details >

Twispay Credit Card Payments <= 2.1.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32601
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Twispay Credit Card Payments
Researcher
More Details >

Ultimate WP Mail <= 1.3.3 – Open Redirect

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32694
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Ultimate WP Mail
Researcher
More Details >

User Session Synchronizer <= 1.4.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32612
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
User Session Synchronizer
Researcher
More Details >

UXsniff <= 1.2.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32532
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
UXsniff AI-powered Heatmaps and Session Recordings
Researcher
More Details >

Vice Versa <= 2.2.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-27350
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Vice Versa
Researcher
More Details >

VKontakte Cross-Post <= 0.3.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32498
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
VKontakte Cross-Post
Researcher
More Details >

Wallet System for WooCommerce <= 2.6.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32530
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Wallet System for WooCommerce
Researcher
More Details >

Web2application <= 5.6 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32590
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Web2application Convert your website to android and IOS apps with push notifications , web push , free ajax products search for woocommerce and many more advanced features
Researcher
More Details >

WebinarPress <= 1.33.27 – Open Redirect

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32693
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WordPress Webinar Plugin – WebinarPress
Researcher
More Details >

Widgetize Pages Light <= 3.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32117
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Widgetize Pages Light
Researcher
More Details >

Windows Live Writer <= 0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32480
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Windows Live Writer
Researcher
More Details >

Wireless Butler <= 1.0.11 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-26997
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
wireless-butler
Researcher
More Details >

WooCommerce – Payphone Gateway <= 3.2.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32523
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WooCommerce – Payphone Gateway
Researcher
More Details >

WooCommerce – Store Exporter <= 2.7.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32539
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers
Researcher
More Details >

WooCommerce Estimate and Quote <= 1.0.2.5 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32514
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WooCommerce Estimate and Quote – Live Product Cost Estimation and Quotation system for WordPress
Researcher
More Details >

WooCommerce Sales MIS Report <= 4.0.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32541
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WooCommerce Sales MIS Report
Researcher
More Details >

WooCommerce TBC Credit Card Payment Gateway (Free) <= 2.0.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32611
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WooCommerce TBC Credit Card Payment Gateway (Free)
Researcher
More Details >

WordPress Events Calendar Plugin – connectDaily <= 1.4.8 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32597
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WordPress Events Calendar Plugin – connectDaily
Researcher
More Details >

WordPress Health and Server Condition – Integrated with Google Page Speed <= 4.1.1 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32520
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WordPress Health and Server Condition – Integrated with Google Page Speed
Researcher
More Details >

WordPress Spam Blocker <= 2.0.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32581
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WordPress Spam Blocker | Stop Spam for Contact Form 7, WP Forms and Formidable Forms
Researcher
More Details >

Workbox Video from Vimeo & Youtube <= 3.2.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32534
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Workbox Video from Vimeo & Youtube Plugin
Researcher
More Details >

WP Abstracts <= 2.7.4 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32591
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Abstracts
Researcher
More Details >

WP AutoKeyword <= 1.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32582
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WP AutoKeyword
Researcher
More Details >

WP Calais Auto Tagger <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32563
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Calais Auto Tagger
Researcher
More Details >

WP Easy Poll <= 2.2.9 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32562
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
WP Easy Poll
Researcher
More Details >

WP Featured Screenshot <= 1.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32557
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
WP Featured Screenshot
Researcher
More Details >

WP Hide Categories <= 1.0 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31028
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Hide Categories
Researcher
More Details >

WP Map Route Planner <= 1.0.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32621
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Map Route Planner
Researcher
More Details >

wp secure <= 1.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32490
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
wp secure
Researcher
More Details >

WP SexyLightBox <= 0.5.3 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32478
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP SexyLightBox
Researcher
More Details >

WP Table Builder <= 2.0.4 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32598
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Table Builder – WordPress Table Plugin
Researcher
More Details >

WP w3all phpBB <= 2.9.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32575
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP w3all phpBB
Researcher
More Details >

WP-BusinessDirectory <= 3.1.2 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32630
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WP-BusinessDirectory – Business directory plugin for WordPress
Researcher
More Details >

WP-Easy Menu <= 0.41 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32477
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP-Easy Menu
Researcher
More Details >

WP-Hijri <= 1.5.3 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32560
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
WP-Hijri
Researcher
More Details >

WP-Planification <= 2.3.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32484
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP-Planification – WP-Planning
Researcher
More Details >

WS Audio Player <= 1.1.8 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-31400
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WS Audio Player
Researcher
More Details >

Zephyr Project Manager <= 3.3.101 – Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2025-32526
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Zephyr Project Manager
Researcher
More Details >

Royal Elementor Addons <= 1.7.1006 – Authenticated (Admin+) Server Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-26990
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

SEO Help <= 6.6.1 – Authenticated (Admin+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2025-32675
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
Researcher
More Details >

Everest Forms <= 3.1.1 – Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-3422
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress
Researcher
More Details >

Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 – Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-2808
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher
More Details >

PowerPress Podcasting <= 11.12.6 – Authenticated (Contributor+) Server-Side Request Forgery

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2025-32691
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
PowerPress Podcasting plugin by Blubrry
Researcher
More Details >

Accept SagePay Payments Using Contact Form 7 <= 2.0 – Unauthenticated Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2883
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Accept SagePay Payments Using Contact Form 7
Researcher
More Details >

Add Product Frontend for WooCommerce <= 1.0.6 – Missing Authorization to Unauthenticated Arbitrary Content Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32593
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Add Product Frontend for WooCommerce
Researcher
More Details >

Age Gate <= 3.5.4 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31012
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Age Gate
Researcher
More Details >

AnyTrack Affiliate Link Manager <= 1.0.4 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31041
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
AnyTrack Affiliate Link Manager
Researcher
More Details >

Bulk <= 1.0.11 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-26867
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Bulk
Researcher
More Details >

Cart66 Cloud <= 2.3.7 – Unauthenticated Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2841
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Cart66 Cloud :: WordPress Ecommerce The Easy Way
Researcher
More Details >

Developer Toolbar <= 1.0.3 – Unauthenticated Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2881
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
Developer Toolbar
Researcher
More Details >

GreenPay(tm) by Green.Money 3.0.0 – 3.0.9 – Unauthenticated Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2882
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
GreenPay(tm) by Green.Money
Researcher
More Details >

Hive Support <= 1.2.2 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32242
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher
More Details >

Internal Link Optimiser <= 5.1.2 – Missing Authorization to Unauthenticated Settings Update

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32243
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
WordPress Internal Link Optimiser
Researcher
More Details >

MelaPress Login Security and MelaPress Login Security Premium 2.1.0 – Missing Authorization to Unauthenticated Arbitrary User Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2876
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
MelaPress Login Security Premium
MelaPress Login Security
Researcher
More Details >

Melhor Envio <= 2.15.11 – Unauthenticated Sensitive Information Exposure via Hardcoded Hash

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13820
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Melhor Envio
Researcher
More Details >

Sandwich Adsense <= 4.0.2 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-31042
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Sandwich Adsense
Researcher
More Details >

SEO Help <= 6.6.1 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32244
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
AI Content Writer, Autoblogging, Youtube Subtitle to Article – SEO Help
Researcher
More Details >

Simple WP Events <= 1.8.17 – Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32594
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Simple WP Events
Researcher
More Details >

Site Notify <= 1.0 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32240
Patch Status
Unpatched
Published
Apr 8, 2025
Affected Software
Site Notify
Researcher
More Details >

Survey Maker <= 5.1.5.5 – Unauthenticated Authorization Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32275
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Survey Maker
Researcher
More Details >

User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 – Insecure Direct Object Reference to Unauthenticated Membership Modification

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-3282
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher
More Details >

Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 – 1.2.1 – Missing Authorization to Unauthenticated Limited Arbitrary Options Update

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-2568
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
Researcher
More Details >

Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 – Cross-Site Request Forgery to Clear Cache

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-13338
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Researcher
More Details >

WooCommerce Loyal Customers <= 2.6 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-32544
Patch Status
Unpatched
Published
Apr 11, 2025
Affected Software
WooCommerce Loyal Customers
Researcher
More Details >

WooCommerce Multilingual & Multicurrency <= 5.3.8 – Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2025-26888
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
WooCommerce Multilingual & Multicurrency with WPML
Researcher
More Details >

3DPrint Lite <=2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘coating_text’

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3428
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
3DPrint Lite
Researchers
More Details >

3DPrint Lite <=2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘infill_text’

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3427
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
3DPrint Lite
Researchers
More Details >

3DPrint Lite <=2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘material_text’

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3429
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
3DPrint Lite
Researchers
More Details >

3DPrint Lite <=2.1.3.6 – Authenticated (Admin+) SQL Injection via ‘printer_text’

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-3430
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
3DPrint Lite
Researchers
More Details >

Accredible Certificates & Open Badges <= 1.4.9 – Authenticated (Administrator+) SQL Injection via orderby Parameter

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-13909
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Accredible Certificates & Open Badges
Researcher
More Details >

CardGate Payments for WooCommerce <= 3.2.1 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32119
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
CardGate Payments for WooCommerce
Researcher
More Details >

Kargo Entegratör <= 1.1.14 – Authenticated (Shop Manager+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-26908
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Kargo Entegratör – WooCommerce Kargo Entegrasyon Eklentisi
Researcher
More Details >

Nearby Locations <= 1.1.1 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32128
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Nearby Locations
Researcher
More Details >

Team Circle Image Slider With Lightbox <= 1.0.4 – Authenticated (Admin+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2019-25223
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Team Circle Image Slider With Lightbox
Researcher
More Details >

Verowa Connect <= 3.0.5 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32676
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Verowa Connect
Researcher
More Details >

WP Inquiries <= 0.2.1 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32685
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Inquiries
Researcher
More Details >

WP Social Stream Designer <= 1.3 – Authenticated (Administrator+) SQL Injection

4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2025-32677
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Social Stream Designer
Researcher
More Details >

Admin Menu Post List <= 2.0.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32492
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Admin Menu Post List
Researcher
More Details >

Aria Font <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32488
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Aria Font
Researcher
More Details >

BP Social Connect <= 1.6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32493
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
BP Social Connect
Researcher
More Details >

One Click Accessibility <= 3.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32640
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Ally – Web Accessibility & Usability
Researcher
More Details >

Request Call Back <= 1.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32483
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Request Call Back
Researcher
More Details >

Review Stream <= 1.6.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32680
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Review Stream
Researcher
More Details >

Wetterwarner <= 2.7.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-32489
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Wetterwarner
Researcher
More Details >

WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31035
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Editor.md – The Perfect WordPress Markdown Editor
Researcher(s): Unknown
More Details >

YouTube Embed <= 5.3.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2025-31008
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
YouTube Embed
Researcher
More Details >

All push notification for WP <= 1.5.3 – Cross-Site Request Forgery to SQL Injection

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32547
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
All push notification for WP
Researcher
More Details >

Anant Addons for Elementor <= 1.1.5 – Cross-Site Request Forgery to Arbitrary Plugin Installation

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32641
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Anant Addons for Elementor
Researcher
More Details >

Asgaros Forum <= 3.0.0 – Authenticated (Subscriber+) Authorization Bypass

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32227
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Asgaros Forum
Researcher
More Details >

Brizy Pro <= 2.6.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26902
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Brizy Pro
Researcher
More Details >

Brizy Pro <= 2.6.1 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26901
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Brizy Pro
Researcher
More Details >

CM Registration and Invitation Codes <= 2.5.2 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32210
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
CM Registration – Tailored tool for seamless login and invitation-based registrations
Researcher
More Details >

Customify <= 0.4.8 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26920
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
customify-theme
Researcher
More Details >

Customize Login Page <= 1.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31034
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Customize Login Page
Researcher
More Details >

Doppler Forms <= 2.4.5 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32620
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Doppler Forms
Researcher
More Details >

Easyfonts <= 1.1.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31005
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Local google fonts, host google fonts locally by Easyfonts
Researcher
More Details >

Eazy Plugin Manager <= 4.3.0 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32542
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress
Researcher
More Details >

EazyDocs <= 2.6.4 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32221
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Researcher
More Details >

Flo Forms <= 1.0.43 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32213
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Flo Forms – Easy Drag & Drop Form Builder
Researcher
More Details >

Hive Support <= 1.2.2 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32208
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Researcher
More Details >

Industrial Lite <= 1.0.8 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26955
Patch Status
Unpatched
Published
Apr 10, 2025
Affected Software
Industrial Lite
Researcher
More Details >

InPost Gallery <= 2.1.4.3 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-26903
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
InPost Gallery
Researcher
More Details >

MapSVG Lite <= 8.5.34 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32684
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
MapSVG – Vector maps, Image maps, Google Maps
Researcher
More Details >

Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 – Missing Authorization to Authenticated (Subscriber+) Wizard Set-up

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-3437
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Motors – Car Dealership & Classified Listings Plugin
Researcher
More Details >

reCAPTCHA Jetpack <= 0.2.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32494
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
reCAPTCHA Jetpack
Researcher
More Details >

Rich Table of Contents <= 1.4.0 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31004
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Rich Table of Contents
Researcher
More Details >

Specia Companion <= 4.6 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32212
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Specia Companion
Researcher
More Details >

Spider Elements – Addons for Elementor <= 1.6.2 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32216
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Spider Elements – Crafted UX First Addons for Elementor
Researcher
More Details >

Tutor LMS <= 3.4.0 – Authenticated (Subscriber+) HTML Injection

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32230
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Tutor LMS – eLearning and online course solution
Researcher
More Details >

User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 – Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-3292
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher
More Details >

User Registration Using Contact Form 7 <= 2.2 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32679
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
User Registration Using Contact Form 7
Researcher
More Details >

Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 – Cross-Site Request Forgery to Plugin Settings Update via ‘setup-wbcr_clearfy’

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-13337
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Researcher
More Details >

Woo Product Feed For Marketing Channels <= 1.9.0 – Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-31377
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
Woo Product Feed For Marketing Channels
Researcher
More Details >

WordPress Mega Menu – QuadMenu <= 3.2.0 – Cross-Site Request Forgery to Limited User Meta Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-2871
Patch Status
Patched
Published
Apr 11, 2025
Affected Software
WordPress Mega Menu – QuadMenu
Researcher
More Details >

WP Performance Pack <= 2.5.4 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32485
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Performance Pack
Researcher
More Details >

WP Show Stats <= 1.5 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-32678
Patch Status
Unpatched
Published
Apr 9, 2025
Affected Software
WP Show Stats
Researcher
More Details >

WPJobBoard < 5.11.1 – Authenticated (Subscriber+) Path Traversal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30966
Patch Status
Patched
Published
Apr 10, 2025
Affected Software
WP Job Board
Researcher
More Details >

WPJobBoard < 5.11.1 – Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2025-30965
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
WP Job Board
Researcher
More Details >

Piotnet Forms <= 1.0.30 – Authenticated (Editor+) Path Traversal

3.8
CVSS Rating
Low (3.8)
CVE-ID
CVE-2025-32205
Patch Status
Unpatched
Published
Apr 7, 2025
Affected Software
Piotnet Forms
Researcher
More Details >

Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 – Use of Vulnerable Component (PHPExcel)

3.7
CVSS Rating
Low (3.7)
CVE-ID
CVE-2014-2054
Patch Status
Patched
Published
Apr 7, 2025
Affected Software
Advanced Contact form 7 DB
Import any XML, CSV or Excel File to WordPress
Researcher(s): Unknown
More Details >

Squeeze <= 1.6 – Authenticated (Admin+) Full Path Disclosure

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2025-31003
Patch Status
Patched
Published
Apr 9, 2025
Affected Software
Squeeze – Image Optimization & Compression, WebP Conversion
Researcher
More Details >

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025) appeared first on Wordfence.

Leave a Comment