7.1
CVE-2025-32575 - WordPress WP w3all phpBB Plugin <= 2.9.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Reflected XSS.This issue affects WP w3all phpBB: from n/a through <= 2.9.9.
9.6
CVE-2025-32576 - WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through <= 2.6.1.
7.1
CVE-2025-32580 - WordPress DeBounce Email Validator plugin <= 5.7.1 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.7.1.
7.1
CVE-2025-32581 - WordPress WordPress Spam Blocker Plugin <= 2.0.5 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through <= 2.0.5.
7.1
CVE-2025-32584 - WordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 chat2 allows Cross Site Request Forgery.This issue affects Chat2: from n/a through <= 4.0.
7.1
CVE-2025-32591 - WordPress WP Abstracts Plugin <= 2.7.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Cross Site Request Forgery.This issue affects WP Abstracts: from n/a through <= 2.7.5.
7.1
CVE-2025-32597 - WordPress WordPress Events Calendar Plugin β connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scriβ¦
Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin β connectDaily connect-daily-web-calendar allows Cross-Site Scripting (XSS).This issue affects WordPress Events Calendar Plugin β connectDaily: from n/a through <= 1.5.4.
7.1
CVE-2025-32610 - WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through <= 2.6.18.
7.1
CVE-2025-32612 - WordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS.This issue affects User Session Synchronizer: from n/a through <= 1.4.0.
7.1
CVE-2025-32616 - WordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS.This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.