5.9
CVE-2025-32130 - WordPress Posts Footer Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Posts Footer Manager intelly-posts-footer-manager allows Stored XSS.This issue affects Posts Footer Manager: from n/a through <= 2.2.0.
5.9
CVE-2025-32129 - WordPress Welcome Bar plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Welcome Bar intelly-welcome-bar allows Stored XSS.This issue affects Welcome Bar: from n/a through <= 2.0.4.
7.6
CVE-2025-32127 - WordPress onOffice for WP-Websites plugin <= 5.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows SQL Injection.This issue affects onOffice for WP-Websites: from n/a through <= 5.7.
7.6
CVE-2025-32126 - WordPress Pay with Contact Form 7 Plugin <= 1.0.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 pay-with-contact-form-7 allows SQL Injection.This issue affects Pay with Contact Form 7: from n/a through <= 1.0.4.
7.6
CVE-2025-32125 - WordPress Silvasoft boekhouden plugin <= 3.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden silvasoft-boekhouden allows SQL Injection.This issue affects Silvasoft boekhouden: from n/a through <= 3.0.6.
7.6
CVE-2025-32124 - WordPress Behance Portfolio Manager plugin <= 1.7.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Blind SQL Injection.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
7.6
CVE-2025-32122 - WordPress uListing plugin <= 2.2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from n/a through <= 2.2.0.
7.6
CVE-2025-32121 - WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows SQL Injection.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.3.
7.6
CVE-2025-32120 - WordPress Easy Query β WP Query Builder plugin <= 2.0.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edanzer Easy Query β WP Query Builder easy-query allows Blind SQL Injection.This issue affects Easy Query β WP Query Builder: from n/a through <= 2.0.4.
9.1
CVE-2025-32118 - WordPress CMP β Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerabilβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP β Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP β Coming Soon & Maintenance: from n/a through <= 4.1.14.