0.0
CVE-2025-32684 - WordPress MapSVG Lite plugin <= 8.6.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.
0.0
CVE-2025-32685 - WordPress WP Inquiries plugin <= 0.2.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through <= 0.2.1.
0.0
CVE-2025-32690 - WordPress PowerPress Podcasting plugin <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.
0.0
CVE-2025-32691 - WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.12.6.
0.0
CVE-2025-32692 - WordPress WP Subscription Forms plugin <= 1.2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion.This issue affects WP Subscription Forms: from n/a through <= 1.2.4.
0.0
CVE-2025-32693 - WordPress WebinarPress plugin <= 1.33.28 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28.
0.0
CVE-2025-32694 - WordPress Ultimate WP Mail plugin <= 1.3.10 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Phishing.This issue affects Ultimate WP Mail: from n/a through <= 1.3.10.
7.5
CVE-2025-32380 - Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Procβ¦
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensivβ¦
5
CVE-2025-32379 - XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.
4.7
CVE-2025-32016 - Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications, including daemons, web β¦