Full List

Search

Recent Vulnerabilities

• CVE-2025-32629 • published on April 11, 2025 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.
• CVE-2025-32627 • published on April 11, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.
• CVE-2025-32618 • published on April 11, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43.
• CVE-2025-32614 • published on April 11, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2.
• CVE-2025-32607 • published on April 11, 2025 Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0.
• CVE-2025-32603 • published on April 11, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0.
• CVE-2025-32601 • published on April 11, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments allows Reflected XSS. This issue affects Twispay Credit Card Payments: from n/a through 2.1.2.
• CVE-2025-32600 • published on April 11, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through 4.6.1.
• CVE-2025-32599 • published on April 11, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3.
• CVE-2025-32598 • published on April 11, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.
• CVE-2025-32589 • published on April 11, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit allows PHP Local File Inclusion. This issue affects Flexi – Guest Submit: from n/a through 4.28.
• CVE-2025-32587 • published on April 11, 2025 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp allows PHP Local File Inclusion. This issue affects WooCommerce Pickupp: from n/a through 2.4.0.
• CVE-2025-32586 • published on April 11, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce allows Reflected XSS. This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through 2.1.3.
• CVE-2025-32585 • published on April 11, 2025 Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2.
• CVE-2025-32579 • published on April 11, 2025 Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0.
• CVE-2025-32577 • published on April 11, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23.
• CVE-2025-32569 • published on April 11, 2025 Deserialization of Untrusted Data vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.2.
• CVE-2025-32568 • published on April 11, 2025 Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce allows Object Injection. This issue affects EmpikPlace for Woocommerce: from n/a through 1.4.2.
• CVE-2025-32567 • published on April 11, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator allows SQL Injection. This issue affects Easy Post Duplicator: from n/a through 1.0.1.
• CVE-2025-32565 • published on April 11, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1.