CyberAlerts

CVE-2025-32499

WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32495

WordPress Waymark <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32494

WordPress reCAPTCHA Jetpack <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32493

WordPress BP Social Connect <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32492

WordPress Admin Menu Post List <= 2.0.7 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliot Akira Admin Menu Post List allows Stored XSS. This issue affects Admin Menu Post List: from n/a through 2.0.7.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32489

WordPress Wetterwarner <= 2.7.2 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32488

WordPress Aria Font <= 1.4 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in آریا وردپرس Aria Font allows Stored XSS. This issue affects Aria Font: from n/a through 1.4.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32487

WordPress Waymark <= 1.5.2 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through 1.5.2.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32485

WordPress WP Performance Pack <= 2.5.4 - Cross Site Request Forgery (CSRF) Vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack allows Cross Site Request Forgery. This issue affects WP Performance Pack: from n/a through 2.5.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE

April 9th, 2025 (13 days ago)

CVE-2025-32483

WordPress Request Call Back <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Salisbury Request Call Back allows Stored XSS. This issue affects Request Call Back: from n/a through 1.4.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (13 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: