7.1
CVE-2025-32564 - WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam stop-registration-spam allows Reflected XSS.This issue affects Stop Registration Spam: from n/a through <= 1.24.
7.1
CVE-2025-32566 - WordPress License For Envato Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows Reflected XSS.This issue affects License For Envato: from n/a through <= 1.0.0.
8.8
CVE-2025-32571 - WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
9.8
CVE-2025-32572 - WordPress Kata Plus Plugin <= 1.5.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3.
8.5
CVE-2025-32573 - WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync kiotvietsync allows SQL Injection.This issue affects KiotViet Sync: from n/a through <= 1.8.4.
7.1
CVE-2025-32578 - WordPress Coming Soon Countdown Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through <= 2.2.
7.1
CVE-2025-32582 - WordPress WP AutoKeyword Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP AutoKeyword: from n/a through <= 1.0.
9.9
CVE-2025-32583 - WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0.
7.1
CVE-2025-32588 - WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial credova-financial allows Reflected XSS.This issue affects Credova_Financial: from n/a through <= 2.4.8.
7.1
CVE-2025-32590 - WordPress Web2application Plugin <= 6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tzin111 Web2application web2application allows Reflected XSS.This issue affects Web2application: from n/a through <= 6.1.