CVEs

31,891 total · page 261 of 638

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-52823	ovatheme Cube Portfolio	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8.
CVE-2025-52820	WordPress Woocommerce Point Of Sale	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-52806	WordPress Wp Jobsearch	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion.This issue affects JobSearch: from n/a through < 3.0.8.
CVE-2025-52801	VonStroheim thebooking	Hig	0.47	7.3	Aug 14, 2025	Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4.
CVE-2025-52800	Unity Business Technology Pty Ltd The E-Commerce ERP	Hig	0.47	7.3	Aug 14, 2025	Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
CVE-2025-52788	Russelljamieson CaptionPix	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS.This issue affects CaptionPix: from n/a through <= 1.8.
CVE-2025-52785	WordPress Smm API	Hig	0.46	7.1	Aug 14, 2025	Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMM API: from n/a through <= 6.0.31.
CVE-2025-52775	Ronik@UnlimitedWP Project Cost Calculator	Hig	0.46	7.1	Aug 14, 2025	Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through <= 1.0.0.
CVE-2025-52732	Realmag777 GMap Targeting	Hig	0.57	8.8	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion.This issue affects GMap Targeting: from n/a through <= 1.1.6.
CVE-2025-52731	themefunction eventin-pro	Hig	0.49	7.5	Aug 14, 2025	Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from…
CVE-2025-52728	WordPress Responsive Posts Carousel Pro	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro:…
CVE-2025-52716	Acato WP REST Cache	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through <= 2025.1.0.
CVE-2025-49869	Themewinter Eventin	Hig	0.57	8.8	Aug 14, 2025	Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.0.31.
CVE-2025-49271	GravityWP gravitywp-merge-tags	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through <= 1.4.4.
CVE-2025-49267	WordPress Acf Frontend Form Element	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.3.
CVE-2025-49264	Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO…
CVE-2025-49065	BestiaDurmiente Visit Counter	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0.
CVE-2025-49064	WordPress User Language Switch	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10.
CVE-2025-49063	WordPress I3geek Baiduxzh	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6.
CVE-2025-49062	cornfeed wp-jscrollpane	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3.
CVE-2025-49058	WordPress Soundst Seo Search	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS.This issue affects SoundSt SEO Search: from n/a through <= 1.2.3.
CVE-2025-49057	WordPress Wp Voting	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8.
CVE-2025-49056	WordPress Duoshuo	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through <= 1.2.
CVE-2025-49054	mrdenny Time Sheets	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3.
CVE-2025-49044	WordPress Simple Poll	Hig	0.46	7.1	Aug 14, 2025	Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through <= 1.1.1.
CVE-2025-49038	WordPress Wp Dynamic Links	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS.This issue affects WP Dynamic Links: from n/a through <= 1.0.1.
CVE-2025-49037	WordPress Authentication And Xmlrpc Log Writer	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS.This issue affects Authentication and xmlrpc log writer: from n/a…
CVE-2025-49036	WordPress Premium Addons For Kingcomposer	Hig	0.53	8.1	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for…
CVE-2025-49033	Metagauss Profilegrid	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.
CVE-2025-48332	Themehunk Gutenberg Blocks	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through <= 3.3.1.
CVE-2025-47689	WordPress Video Blogster Lite	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.
CVE-2025-47536	keywordrush Content Egg	Hig	0.47	7.2	Aug 14, 2025	Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0.
CVE-2025-3703	Wipeoutmedia CSS \& Javascript Toolbox	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through <…
CVE-2025-39510	Valvepress Pinterest Automatic Pin	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0.
CVE-2025-32288	stmcan RT-Theme 18 \| Extensions	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 \| Extensions: from n/a through <= 2.4.
CVE-2025-31425	kamleshyadav WP Lead Capturing Pages	Hig	0.49	7.5	Aug 14, 2025	Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.
CVE-2025-31007	WordPress Billplz For Contact Form 7	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through <= 1.2.0.
CVE-2025-30998	Wplinkspage Wp Links Page	Hig	0.55	8.5	Aug 14, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: from n/a through <= 4.9.6.
CVE-2025-30639	Themeatelier Idonate	Hig	0.49	7.5	Aug 14, 2025	Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-30635	Themeatelier Idonate	Hig	0.53	8.1	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-30626	LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist…
CVE-2025-29014	ZoomIt FoodMenu	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.
CVE-2025-28999	ZoomIt WooCommerce Shop Page Builder	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2025-28979	Thimpress Wp Pipes	Hig	0.53	8.1	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-28975	redqteam Alike - WordPress Custom Post Comparison	Hig	0.46	7.1	Aug 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1.
CVE-2025-25172	beeteam368 VidMov	Hig	0.53	8.1	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through <= 1.9.4.
CVE-2025-24766	wproyal News Magazine X	Hig	0.49	7.5	Aug 14, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a through <= 1.2.37.
CVE-2025-8955	Phpgurukul Hospital Management System	Hig	0.47	7.3	Aug 14, 2025	A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…
CVE-2025-8954	Phpgurukul Hospital Management System	Hig	0.47	7.3	Aug 14, 2025	A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…
CVE-2025-8953	Unyasoft Covid19 Testing Management System	Hig	0.47	7.3	Aug 14, 2025	A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched…

CVE-2025-52823HigAug 14, 2025
ovatheme
Cube Portfolio
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8.
CVE-2025-52820HigAug 14, 2025
WordPress
Woocommerce Point Of Sale
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-52806HigAug 14, 2025
WordPress
Wp Jobsearch
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion.This issue affects JobSearch: from n/a through < 3.0.8.
CVE-2025-52801HigAug 14, 2025
VonStroheim
thebooking
risk 0.47cvss 7.3epss 0.00
Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4.
CVE-2025-52800HigAug 14, 2025
Unity Business Technology Pty Ltd
The E-Commerce ERP
risk 0.47cvss 7.3epss 0.00
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
CVE-2025-52788HigAug 14, 2025
Russelljamieson
CaptionPix
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS.This issue affects CaptionPix: from n/a through <= 1.8.
CVE-2025-52785HigAug 14, 2025
WordPress
Smm API
risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMM API: from n/a through <= 6.0.31.
CVE-2025-52775HigAug 14, 2025
Ronik@UnlimitedWP
Project Cost Calculator
risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through <= 1.0.0.
CVE-2025-52732HigAug 14, 2025
Realmag777
GMap Targeting
risk 0.57cvss 8.8epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion.This issue affects GMap Targeting: from n/a through <= 1.1.6.
CVE-2025-52731HigAug 14, 2025
themefunction
eventin-pro
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from…
CVE-2025-52728HigAug 14, 2025
WordPress
Responsive Posts Carousel Pro
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro:…
CVE-2025-52716HigAug 14, 2025
Acato
WP REST Cache
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through <= 2025.1.0.
CVE-2025-49869HigAug 14, 2025
Themewinter
Eventin
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.0.31.
CVE-2025-49271HigAug 14, 2025
GravityWP
gravitywp-merge-tags
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through <= 1.4.4.
CVE-2025-49267HigAug 14, 2025
WordPress
Acf Frontend Form Element
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.3.
CVE-2025-49264HigAug 14, 2025
Cloud Infrastructure Services
Cloud SAML SSO - Single Sign On Login
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO…
CVE-2025-49065HigAug 14, 2025
BestiaDurmiente
Visit Counter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS.This issue affects Visit Counter: from n/a through <= 1.0.
CVE-2025-49064HigAug 14, 2025
WordPress
User Language Switch
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through <= 1.6.10.
CVE-2025-49063HigAug 14, 2025
WordPress
I3geek Baiduxzh
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS.This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6.
CVE-2025-49062HigAug 14, 2025
cornfeed
wp-jscrollpane
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS.This issue affects WP-jScrollPane: from n/a through <= 2.0.3.
CVE-2025-49058HigAug 14, 2025
WordPress
Soundst Seo Search
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS.This issue affects SoundSt SEO Search: from n/a through <= 1.2.3.
CVE-2025-49057HigAug 14, 2025
WordPress
Wp Voting
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8.
CVE-2025-49056HigAug 14, 2025
WordPress
Duoshuo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through <= 1.2.
CVE-2025-49054HigAug 14, 2025
mrdenny
Time Sheets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3.
CVE-2025-49044HigAug 14, 2025
WordPress
Simple Poll
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through <= 1.1.1.
CVE-2025-49038HigAug 14, 2025
WordPress
Wp Dynamic Links
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS.This issue affects WP Dynamic Links: from n/a through <= 1.0.1.
CVE-2025-49037HigAug 14, 2025
WordPress
Authentication And Xmlrpc Log Writer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS.This issue affects Authentication and xmlrpc log writer: from n/a…
CVE-2025-49036HigAug 14, 2025
WordPress
Premium Addons For Kingcomposer
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for…
CVE-2025-49033HigAug 14, 2025
Metagauss
Profilegrid
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.
CVE-2025-48332HigAug 14, 2025
Themehunk
Gutenberg Blocks
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through <= 3.3.1.
CVE-2025-47689HigAug 14, 2025
WordPress
Video Blogster Lite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.
CVE-2025-47536HigAug 14, 2025
keywordrush
Content Egg
risk 0.47cvss 7.2epss 0.00
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0.
CVE-2025-3703HigAug 14, 2025
Wipeoutmedia
CSS \& Javascript Toolbox
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through <…
CVE-2025-39510HigAug 14, 2025
Valvepress
Pinterest Automatic Pin
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0.
CVE-2025-32288HigAug 14, 2025
stmcan
RT-Theme 18 | Extensions
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.4.
CVE-2025-31425HigAug 14, 2025
kamleshyadav
WP Lead Capturing Pages
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6.
CVE-2025-31007HigAug 14, 2025
WordPress
Billplz For Contact Form 7
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through <= 1.2.0.
CVE-2025-30998HigAug 14, 2025
Wplinkspage
Wp Links Page
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: from n/a through <= 4.9.6.
CVE-2025-30639HigAug 14, 2025
Themeatelier
Idonate
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-30635HigAug 14, 2025
Themeatelier
Idonate
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-30626HigAug 14, 2025
LambertGroup
Multimedia Playlist Slider Addon for WPBakery Page Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist…
CVE-2025-29014HigAug 14, 2025
ZoomIt
FoodMenu
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20.
CVE-2025-28999HigAug 14, 2025
ZoomIt
WooCommerce Shop Page Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2025-28979HigAug 14, 2025
Thimpress
Wp Pipes
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-28975HigAug 14, 2025
redqteam
Alike - WordPress Custom Post Comparison
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1.
CVE-2025-25172HigAug 14, 2025
beeteam368
VidMov
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through <= 1.9.4.
CVE-2025-24766HigAug 14, 2025
wproyal
News Magazine X
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a through <= 1.2.37.
CVE-2025-8955HigAug 14, 2025
Phpgurukul
Hospital Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been…
CVE-2025-8954HigAug 14, 2025
Phpgurukul
Hospital Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The…
CVE-2025-8953HigAug 14, 2025
Unyasoft
Covid19 Testing Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched…