Detections
Analytics

Newest CVEs

IDDescriptionSeverity
CVE-2025-32669Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Stored XSS. This issue affects Mergado Pack: from n/a through 4.1.1.
high
CVE-2025-32667Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.
high
CVE-2025-32664Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13.
high
CVE-2025-32661Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7.
high
CVE-2025-32659Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.7.
high
CVE-2025-32645Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order allows Stored XSS. This issue affects Custom Posts Order: from n/a through 4.4.
high
CVE-2025-32644Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location World Clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through 1.1.9.
high
CVE-2025-32642Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.
critical
CVE-2025-32641Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5.
critical
CVE-2025-32640Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor One Click Accessibility allows Stored XSS. This issue affects One Click Accessibility: from n/a through 3.1.0.
medium
CVE-2025-32624Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5.
high
CVE-2025-32623Cross-Site Request Forgery (CSRF) vulnerability in plainware PlainInventory allows Stored XSS. This issue affects PlainInventory: from n/a through 3.1.9.
high
CVE-2025-32621Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital WP Map Route Planner allows Cross Site Request Forgery. This issue affects WP Map Route Planner: from n/a through 1.0.0.
high
CVE-2025-32619Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through 2.5.1.
high
CVE-2025-32617Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through 1.1.
high
CVE-2025-32616Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking allows Stored XSS. This issue affects Nimbata Call Tracking: from n/a through 1.7.1.
high
CVE-2025-32612Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through 1.4.0.
high
CVE-2025-32610Cross-Site Request Forgery (CSRF) vulnerability in Foliovision: Making the web work for you Foliopress WYSIWYG allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through 2.6.18.
high
CVE-2025-32597Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through 1.4.8.
high
CVE-2025-32591Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts allows Cross Site Request Forgery. This issue affects WP Abstracts: from n/a through 2.7.4.
high
CVE-2025-32584Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through 3.6.3.
high
CVE-2025-32581Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4.
high
CVE-2025-32580Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator allows Stored XSS. This issue affects DeBounce Email Validator: from n/a through 5.7.1.
high
CVE-2025-32576Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through 2.6.0.
critical
CVE-2025-32575Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through 2.9.2.
high
CVE-2025-32570Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce allows Stored XSS. This issue affects ChillPay WooCommerce: from n/a through 2.5.3.
high
CVE-2025-32563Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through 2.0.
high
CVE-2025-32559Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat allows Stored XSS. This issue affects REVE Chat: from n/a through 6.2.2.
high
CVE-2025-32556Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through 1.0.9.
high
CVE-2025-32555Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
high
CVE-2025-32550Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
high
CVE-2025-32547Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3.
high
CVE-2025-32543Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through 1.7.
high
CVE-2025-32518Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1.
high
CVE-2025-32505Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3.
high
CVE-2025-32503Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.
high
CVE-2025-32502Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0.
high
CVE-2025-32501Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS.This issue affects RentSyst: from n/a through 2.0.92.
high
CVE-2025-32500Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through 0.4.2.
high
CVE-2025-32499Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4.
medium
CVE-2025-32498Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2.
high
CVE-2025-32497Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7.
high
CVE-2025-32496Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.
critical
CVE-2025-32495Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.2.
medium
CVE-2025-32494Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.
medium
CVE-2025-32493Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2.
medium
CVE-2025-32492Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List allows Stored XSS. This issue affects Admin Menu Post List: from n/a through 2.0.7.
medium
CVE-2025-32489Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2.
medium
CVE-2025-32488Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font allows Stored XSS. This issue affects Aria Font: from n/a through 1.4.
medium
CVE-2025-32487Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through 1.5.2.
medium