0.0
CVE-2025-32115 - WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS.This issue affects Popping Content Light: from n/a through <= 2.4.
0.0
CVE-2025-32114 - WordPress 5sterrenspecialist plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS.This issue affects WordPress 5sterrenspecialist Plugin: from n/a through <= 1.4.
0.0
CVE-2025-31524 - WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through <= 2.6.2.
0.0
CVE-2025-30582 - WordPress DyaPress ERP/CRM plugin <= 18.0.2.0 - Local File Inclusion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress ERP/CRM: from n/a through <= 18.0.2.0.
0.0
CVE-2025-32687 - WordPress Review Stars Count For WooCommerce plugin <= 2.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0.
0.0
CVE-2025-32668 - WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3.
6
CVE-2024-38865 - Livestatus command injection in RestAPI
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for β¦
8.8
CVE-2025-3417 - Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update
The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level aβ¦
4.9
CVE-2024-13909 - Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via oβ¦
The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the βorderbyβ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. β¦
7.3
CVE-2025-2805 - ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticβ¦