8.5
CVE-2025-32307 - WordPress Chameleon HTML5 Audio Player With/Without Playlist plugin <= 3.5.6 - SQL Injection Vulner…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through <= 3.5.…
8.8
CVE-2025-32310 - WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation. This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15.
9.3
CVE-2025-32643 - WordPress WPGYM plugin < 67.8.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM gym-management allows Blind SQL Injection. This issue affects WPGYM: from n/a through < 67.8.0.
9.3
CVE-2025-39481 - WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through < 3.11.4.
4.3
CVE-2025-39482 - WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through < 3.11.4.
8.1
CVE-2025-39491 - WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in WHMPress WHMpress whmpress allows Path Traversal. This issue affects WHMpress: from n/a through <= 6.2-revision-9.
7.5
CVE-2025-39492 - WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in WHMPress WHMpress whmpress allows Relative Path Traversal. This issue affects WHMpress: from n/a through <= 6.2-revision-9.
4.3
CVE-2025-39493 - WordPress Rankie plugin < 1.8.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ValvePress Rankie valvepress-rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through < 1.8.2.
7.5
CVE-2025-39507 - WordPress Nasa Core Plugin <= 6.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through < 6.4.4.
6.5
CVE-2025-39509 - WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook pdf-viewer-for-wordpress allows Stored XSS. This issue affects TNC FlipBook: from n/a through <= 12.1.0.