CyberAlerts

CVE-2025-26888

WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32695

WordPress Checkout Mestres WP <= 8.7.5 - Privilege Escalation Vulnerability

Description: Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32694

WordPress Ultimate WP Mail <= 1.3.2 - Open Redirection Vulnerability

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32693

WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27.

CVSS: MEDIUM (4.7)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32692

WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32691

WordPress PowerPress Podcasting <= 11.12.4 - Server Side Request Forgery (SSRF) Vulnerability

Description: Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32690

WordPress PowerPress Podcasting <= 11.12.4 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32685

WordPress WP Inquiries <= 0.2.1 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32684

WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32.

CVSS: MEDIUM (5.0)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

CVE-2025-32683

WordPress MapSVG Lite plugin <= 8.5.32 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 9th, 2025 (12 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: