6.5
CVE-2025-32180 - WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS. This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through <= 1.1.0.
7.1
CVE-2025-32245 - WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerab…
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll featured-posts-scroll allows Stored XSS. This issue affects Featured Posts Scroll: from n/a through <= 1.25.
8.5
CVE-2025-32287 - WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerabi…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.7.
8.5
CVE-2025-32290 - WordPress Sticky HTML5 Music Player plugin <= 3.1.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky HTML5 Music Player lbg-audio3-html5 allows SQL Injection. This issue affects Sticky HTML5 Music Player: from n/a through <= 3.1.6.
4.3
CVE-2025-32295 - WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wordpresschef Salon Booking Pro salon-booking-plugin-pro-cc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n/a through <= 10.10.2.
5.3
CVE-2025-32296 - WordPress Simple Link Directory Pro plugin < 14.8.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory: from n/a through < 14.8.1.
4.3
CVE-2025-32299 - WordPress QuickCal plugin <= 1.0.15 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal - Appointment Booking Calendar for WordPress quickcal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <…
8.5
CVE-2025-32301 - WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin circular_countdown allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through <= 2.7.
8.5
CVE-2025-32306 - WordPress Radio Player Shoutcast & Icecast theme <= 4.4.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin audio4-html5 allows Blind SQL Injection. This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n/a through <= 4.4.…
8.5
CVE-2025-32307 - WordPress Chameleon HTML5 Audio Player With/Without Playlist plugin <= 3.5.6 - SQL Injection Vulner…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Chameleon HTML5 Audio Player With/Without Playlist lbg-audio1-html5 allows SQL Injection. This issue affects Chameleon HTML5 Audio Player With/Without Playlist: from n/a through <= 3.5.…