0.0
CVE-2025-32670 - WordPress Spark GF Failed Submissions plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions spark-gf-failed-submissions allows Reflected XSS.This issue affects Spark GF Failed Submissions: from n/a through <= 1.3.5.
0.0
CVE-2025-32674 - WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scriptβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce webd-woocommerce-product-excel-importer-bulk-edit allows Reflected XSS.This issue affects Product Excel Import Export & Bulk Edit fβ¦
0.0
CVE-2025-32682 - WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.6.4.
0.0
CVE-2025-32686 - WordPress Team Members plugin <= 3.4.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through <= 3.4.4.
0.0
CVE-2025-39519 - WordPress Bulk Page Stub Creator plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in runthings.dev Bulk Page Stub Creator bulk-page-stub-creator allows Reflected XSS.This issue affects Bulk Page Stub Creator: from n/a through <= 1.1.
0.0
CVE-2025-39521 - WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulneraβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Reflected XSS.This issue affects Contact Form vCard Generator: from n/a through <= 2.4.
0.0
CVE-2025-39526 - WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through <= 3.6.
0.0
CVE-2025-39527 - WordPress Rating by BestWebSoft plugin <= 1.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through <= 1.7.
0.0
CVE-2025-39532 - WordPress Spice Blocks plugin <= 2.0.7.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through <= 2.0.7.7.
0.0
CVE-2025-39533 - WordPress Starfish Review Generation & Marketing plugin <= 3.1.19 - Privilege Escalation vulnerabilβ¦
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.