9.3
CVE-2025-32603 - WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through <= 1.0.0.
7.1
CVE-2025-32601 - WordPress Twispay Credit Card Payments Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit Card Payments: from n/a through <= 2.1.2.
7.1
CVE-2025-32600 - WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through <= 4.7.0.
7.1
CVE-2025-32599 - WordPress Task Scheduler Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler task-scheduler allows Reflected XSS.This issue affects Task Scheduler: from n/a through <= 1.6.3.
7.1
CVE-2025-32598 - WordPress WP Table Builder plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP Table Builder: from n/a through <= 2.0.5.
8.1
CVE-2025-32589 - WordPress Flexi β Guest Submit Plugin <= 4.28 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi β Guest Submit flexi allows PHP Local File Inclusion.This issue affects Flexi β Guest Submit: from n/a through <= 4.28.
8.1
CVE-2025-32587 - WordPress WooCommerce Pickupp plugin <= 2.4.3 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp wc-pickupp allows PHP Local File Inclusion.This issue affects WooCommerce Pickupp: from n/a through <= 2.4.3.
7.1
CVE-2025-32586 - WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.4 - Reflected Cross Site Scriptiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway allows Reflected XSS.This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through <= 2.β¦
7.5
CVE-2025-32585 - WordPress Shop Products Filter Plugin <= 1.2 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion.This issue affects Shop Products Filter: from n/a through <= 1.2.
9.9
CVE-2025-32579 - WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0.