5.9
CVE-2025-32680 - WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream review-stream allows Stored XSS.This issue affects Review Stream: from n/a through <= 1.6.7.
6.5
CVE-2025-32683 - WordPress MapSVG Lite plugin <= 8.6.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.6.6.
5
CVE-2025-32684 - WordPress MapSVG Lite plugin <= 8.6.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through <= 8.6.4.
7.6
CVE-2025-32685 - WordPress WP Inquiries plugin <= 0.2.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through <= 0.2.1.
6.5
CVE-2025-32690 - WordPress PowerPress Podcasting plugin <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.
4.9
CVE-2025-32691 - WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Server Side Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.12.6.
7.5
CVE-2025-32692 - WordPress WP Subscription Forms plugin <= 1.2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion.This issue affects WP Subscription Forms: from n/a through <= 1.2.4.
4.7
CVE-2025-32693 - WordPress WebinarPress plugin <= 1.33.28 - Open Redirection Vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28.
4.7
CVE-2025-32694 - WordPress Ultimate WP Mail plugin <= 1.3.10 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Phishing.This issue affects Ultimate WP Mail: from n/a through <= 1.3.10.
7.5
CVE-2025-32380 - Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Procβ¦
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensivβ¦