8.8
CVE-2025-32141 - WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects MasterStudy LMS: from n/a through <= 3.5.28.
6.6
CVE-2025-32138 - WordPress Easy Google Maps plugin <= 1.11.18 - XML External Entity vulnerability
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection.This issue affects Easy Google Maps: from n/a through <= 1.11.18.
4.9
CVE-2025-32137 - WordPress s2Member plugin <= 250419 - Local File Inclusion vulnerability
Relative Path Traversal vulnerability in CristiΓ‘n LΓ‘vaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419.
5.9
CVE-2025-32136 - WordPress ActiveCampaign Plugin <= 8.1.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activecampaign ActiveCampaign activecampaign-subscription-forms allows Stored XSS.This issue affects ActiveCampaign: from n/a through <= 8.1.16.
5.9
CVE-2025-32135 - WordPress Split Test For Elementor plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor split-test-for-elementor allows Stored XSS.This issue affects Split Test For Elementor: from n/a through <= 1.8.4.
5.9
CVE-2025-32134 - WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS.This issue affects URL Shortify: from n/a through <= 1.10.5.1.
5.9
CVE-2025-32133 - WordPress Secure Copy Content Protection and Content Locking plugin <= 4.5.5 - Cross Site Scriptingβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <β¦
5.9
CVE-2025-32132 - WordPress FunnelCockpit Plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Stored XSS.This issue affects FunnelCockpit: from n/a through <= 1.4.3.
5.9
CVE-2025-32131 - WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents live-chat-support-by-social-intents allows Stored XSS.This issue affects Social Intents: from n/a through <= 1.6.19.
5.9
CVE-2025-32130 - WordPress Posts Footer Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Posts Footer Manager intelly-posts-footer-manager allows Stored XSS.This issue affects Posts Footer Manager: from n/a through <= 2.2.0.