8.5
CVE-2025-31641 - WordPress UberSlider plugin <= 2.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
5.4
CVE-2025-31915 - WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSβ¦
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.
4.3
CVE-2025-31921 - WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerabiliβ¦
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
7.1
CVE-2025-31922 - WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
5.4
CVE-2025-31923 - WordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.
8.5
CVE-2025-31926 - WordPress Sticky Radio Player plugin <= 3.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows SQL Injection.This issue affects Sticky Radio Player: from n/a through <= 3.4.
8.5
CVE-2025-31928 - WordPress Multimedia Responsive Carousel with Image Video Audio Support plugin <= 2.6.0 - SQL Injecβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support:β¦
6.5
CVE-2025-32180 - WordPress Product Carousel For WooCommerce β WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce β WoorouSell woorousell allows Stored XSS.This issue affects Product Carousel For WooCommerce β WoorouSell: from n/a through <= 1.1.0.
7.1
CVE-2025-32245 - WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll featured-posts-scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through <= 1.25.
8.5
CVE-2025-32287 - WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerabiβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows SQL Injection.This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.7.