7.1
CVE-2025-32560 - WordPress WP-Hijri Plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri wp-hijri allows Reflected XSS.This issue affects WP-Hijri: from n/a through <= 1.5.3.
7.1
CVE-2025-32561 - WordPress WP_DEBUG Toggle plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plugins.club WP_DEBUG Toggle enable-wp-debug-toggle allows Reflected XSS.This issue affects WP_DEBUG Toggle: from n/a through <= 1.1.
7.1
CVE-2025-32562 - WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Easy Poll wp-easy-poll-afo allows Reflected XSS.This issue affects WP Easy Poll: from n/a through <= 2.2.9.
7.1
CVE-2025-32564 - WordPress Stop Registration Spam Plugin <= 1.24 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tomroyal Stop Registration Spam stop-registration-spam allows Reflected XSS.This issue affects Stop Registration Spam: from n/a through <= 1.24.
7.1
CVE-2025-32566 - WordPress License For Envato Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows Reflected XSS.This issue affects License For Envato: from n/a through <= 1.0.0.
8.8
CVE-2025-32571 - WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
9.8
CVE-2025-32572 - WordPress Kata Plus Plugin <= 1.5.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3.
8.5
CVE-2025-32573 - WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync kiotvietsync allows SQL Injection.This issue affects KiotViet Sync: from n/a through <= 1.8.4.
7.1
CVE-2025-32578 - WordPress Coming Soon Countdown Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through <= 2.2.
7.1
CVE-2025-32582 - WordPress WP AutoKeyword Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP AutoKeyword: from n/a through <= 1.0.