9.8
CVE-2025-32519 - WordPress IDonate plugin <= 2.1.18 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18.
0.0
CVE-2025-32517 - WordPress MultiMailer plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer scand-multi-mailer allows Reflected XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.
0.0
CVE-2025-32509 - WordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through <= 1.8.17.
0.0
CVE-2025-32491 - WordPress Rankology SEO โ On-site SEO plugin <= 2.2.4 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO โ On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO โ On-site SEO: from n/a through <= 2.2.4.
0.0
CVE-2025-32144 - WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61.
0.0
CVE-2025-32143 - WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
0.0
CVE-2025-31599 - WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through <= 8.6.
0.0
CVE-2025-31565 - WordPress WPSmartContracts plugin <= 2.0.12 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection.This issue affects WPSmartContracts: from n/a through <= 2.0.12.
0.0
CVE-2025-31379 - WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0.
0.0
CVE-2025-31378 - WordPress Oppso Unit Converter plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Unit Converter: from n/a through <= 1.1.1.