7.1
CVE-2025-32560 - WordPress WP-Hijri Plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri allows Reflected XSS. This issue affects WP-Hijri: from n/a through 1.5.3.
7.1
CVE-2025-32561 - WordPress WP_DEBUG Toggle plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plugins.club WP_DEBUG Toggle allows Reflected XSS. This issue affects WP_DEBUG Toggle: from n/a through 1.1.
7.1
CVE-2025-32562 - WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll allows Reflected XSS. This issue affects WP Easy Poll: from n/a through 2.2.9.
7.1
CVE-2025-32564 - WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam allows Reflected XSS. This issue affects Stop Registration Spam: from n/a through 1.24.
7.1
CVE-2025-32566 - WordPress License For Envato Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashraful Sarkar Naiem License For Envato allows Reflected XSS. This issue affects License For Envato: from n/a through 1.0.0.
8.8
CVE-2025-32571 - WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10.
9.8
CVE-2025-32572 - WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2.
8.5
CVE-2025-32573 - WordPress KiotViet Sync Plugin <= 1.8.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3.
7.1
CVE-2025-32578 - WordPress Coming Soon Countdown Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown allows Reflected XSS. This issue affects Coming Soon Countdown: from n/a through 2.2.
7.1
CVE-2025-32582 - WordPress WP AutoKeyword Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword allows Stored XSS. This issue affects WP AutoKeyword: from n/a through 1.0.