cleantalk
Vulnerabilities and Security Researches

Portfolio & Image Gallery for WordPress | PowerFolio, CVE-2025-57932

CVE, Research URL

CVE-2025-57932

Home page URL

Security reports for Portfolio & Image Gallery for WordPress | PowerFolio

Application

Portfolio & Image Gallery for WordPress | PowerFolio

Published on
Sep 23, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through <= 3.2.1.
Affected versions
max 3.2.2.
Status
vulnerable
Previous vulnerability researches
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Maps for WP (CVE-2025-32179) , Apr 06, 2025
Maps for WP (CVE-2024-13648) , Feb 22, 2025
New vulnerability
Tutor LMS &#8211; eLearning and online course solution (CVE-2025-6680) , Apr 25, 2026
Conditional CAPTCHA (CVE-2026-1369) , Apr 25, 2026
Memberful WP (CVE-2025-58000) , Apr 25, 2026
Generic Elements (CVE-2025-9080) , Apr 25, 2026
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net (CVE-2025-9463) , Apr 25, 2026