5.3
CVE-2025-32296 - WordPress Simple Link Directory Pro plugin < 14.8.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1.
4.3
CVE-2025-32299 - WordPress QuickCal plugin <= 1.0.15 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal - Appointment Booking Calendar for WordPress quickcal allows Retrieve Embedded Sensitive Data.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <β¦
8.5
CVE-2025-32301 - WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin circular_countdown allows SQL Injection.This issue affects CountDown Pro WP Plugin: from n/a through <= 2.7.
8.5
CVE-2025-32306 - WordPress Radio Player Shoutcast & Icecast theme <= 4.4.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin audio4-html5 allows Blind SQL Injection.This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through <= 4.4.β¦
8.5
CVE-2025-32307 - WordPress Chameleon HTML5 Audio Player With/Without Playlist plugin <= 3.5.6 - SQL Injection Vulnerβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection.This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through <= 3.5.β¦
8.8
CVE-2025-32310 - WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15.
9.3
CVE-2025-32643 - WordPress WPGYM plugin < 67.8.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM gym-management allows Blind SQL Injection.This issue affects WPGYM: from n/a through < 67.8.0.
9.3
CVE-2025-39481 - WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This issue affects Eventer: from n/a through < 3.11.4.
4.3
CVE-2025-39482 - WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4.
8.1
CVE-2025-39491 - WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in WHMPress WHMpress whmpress allows Path Traversal.This issue affects WHMpress: from n/a through <= 6.2-revision-9.