Full List

Search

Recent Vulnerabilities

• CVE-2025-32489 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2.
• CVE-2025-32492 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List allows Stored XSS. This issue affects Admin Menu Post List: from n/a through 2.0.7.
• CVE-2025-32493 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2.
• CVE-2025-32494 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.
• CVE-2025-32495 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.2.
• CVE-2025-32496 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through 1.0.5.
• CVE-2025-32497 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block allows Stored XSS. This issue affects Spoiler Block: from n/a through 1.7.
• CVE-2025-32498 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through 0.3.2.
• CVE-2025-32499 • published on April 9, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4.
• CVE-2025-32500 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through 0.4.2.
• CVE-2025-32501 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in dimafreund RentSyst allows Stored XSS. This issue affects RentSyst: from n/a through 2.0.72.
• CVE-2025-32502 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through 1.4.0.
• CVE-2025-32503 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.
• CVE-2025-32505 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer allows Stored XSS. This issue affects MultiMailer: from n/a through 1.0.3.
• CVE-2025-32518 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page allows Stored XSS. This issue affects ALD Login Page: from n/a through 1.1.
• CVE-2025-32543 • published on April 9, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through 1.7.
• CVE-2025-32547 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP allows Blind SQL Injection. This issue affects All push notification for WP: from n/a through 1.5.3.
• CVE-2025-32550 • published on April 9, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
• CVE-2025-32555 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through 3.3.
• CVE-2025-32556 • published on April 9, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through 1.0.9.