4.3
CVE-2025-32236 - WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Controβ¦
Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort β Sortable, Rearrange Products Vagonic vagonic-sortable.This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort β Sortable, Rearrange Products Vagonic: from n/a through <= 1.9.
4.3
CVE-2025-32230 - WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 3.4.0.
4.3
CVE-2025-32228 - WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.
0.0
CVE-2025-32227 - WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0.
5.4
CVE-2025-32221 - WordPress EazyDocs plugin <= 2.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.7.1.
6.4
CVE-2025-32216 - WordPress Spider Elements β Addons for Elementor plugin <= 1.6.6 - Broken Access Control vulnerabilβ¦
Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/a through <= 1.6.6.
6.5
CVE-2025-32215 - WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through <= 4.18.
6.5
CVE-2025-32214 - WordPress Hive Support plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.
6.5
CVE-2025-32213 - WordPress Flo Forms plugin <= 1.0.43 - Broken Access Control vulnerability
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.43.
6.5
CVE-2025-32212 - WordPress Specia Companion plugin <= 6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from n/a through <= 6.3.