0.0
CVE-2025-32509 - WordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through <= 1.8.17.
0.0
CVE-2025-32491 - WordPress Rankology SEO โ On-site SEO plugin <= 2.2.4 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO โ On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO โ On-site SEO: from n/a through <= 2.2.4.
0.0
CVE-2025-32144 - WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61.
0.0
CVE-2025-32143 - WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
0.0
CVE-2025-31599 - WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through <= 8.6.
0.0
CVE-2025-31565 - WordPress WPSmartContracts plugin <= 2.0.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection.This issue affects WPSmartContracts: from n/a through <= 2.0.12.
0.0
CVE-2025-31379 - WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0.
0.0
CVE-2025-31378 - WordPress Oppso Unit Converter plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Unit Converter: from n/a through <= 1.1.1.
0.0
CVE-2025-31041 - WordPress AnyTrack Affiliate Link Manager plugin <= 1.0.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.0.4.
0.0
CVE-2025-31040 - WordPress WP Food ordering and Restaurant Menu plugin <= 2.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7.