CVEs

38,009 total · page 280 of 761

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-52818	Dejan Jasnic Trusty Whistleblowing	Hig	0.53	8.2	0.00	Jun 27, 2025	Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.
CVE-2025-52817	WordPress Abandoned Contact Form 7	Hig	0.53	8.2	0.00	Jun 27, 2025	Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.
CVE-2025-52816	Themehunk Zita	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5.
CVE-2025-52815	Ancorathemes CityGov	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9.
CVE-2025-52814	ovatheme BRW	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7.
CVE-2025-52812	ApusWP Domnoo	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49.
CVE-2025-52811	Davenport Davenport	Hig	0.53	8.1	0.00	Jun 27, 2025	Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3.
CVE-2025-52810	TMRW-studio Katerio	Hig	0.53	8.1	0.00	Jun 27, 2025	Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
CVE-2025-52809	WordPress National Weather Service Alerts	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service…
CVE-2025-52808	real-web RealtyElite	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0.
CVE-2025-52799	WordPress Lms	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2.
CVE-2025-52778	WordPress Xili Dictionary	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.2.
CVE-2025-52774	Infility Infility Global	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.15.06.
CVE-2025-52729	thembay Diza	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9.
CVE-2025-52727	WordPress Css3 Vertical Web Pricing Tables	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS.This issue affects CSS3 Vertical Web Pricing Tables: from n/a through <= 1.9.
CVE-2025-52726	pebas CouponXxL Custom Post Types	Hig	0.56	8.6	0.00	Jun 27, 2025	Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.
CVE-2025-52723	WordPress Networker	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0.
CVE-2025-50052	flexostudio Flexo Counter	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter flexo-countdown allows Reflected XSS.This issue affects Flexo Counter: from n/a through <= 1.0001.
CVE-2025-49886	WordPress Zikzag Core	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This issue affects Zikzag Core: from n/a through <= 1.4.5.
CVE-2025-49883	thembay Greenmart	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.3.
CVE-2025-49448	WordPress Fw Food Menu	Hig	0.56	8.6	0.00	Jun 27, 2025	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0.
CVE-2025-49423	Syed Tahir Ali Jan Bulk YouTube Post Creator	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator bulk-youtube-post-creator allows Reflected XSS.This issue affects Bulk YouTube Post Creator: from n/a through <= 1.0.
CVE-2025-49416	WordPress Fw Gallery	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File Inclusion.This issue affects FW Gallery: from n/a through <= 8.0.0.
CVE-2025-49321	Themewinter Eventin	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= 4.0.28.
CVE-2025-49290	Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars)	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <=…
CVE-2025-47654	Adrian Tobey Formlift For Infusionsoft Web Forms	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.20.
CVE-2025-47574	WordPress School Management	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-45851	Hikvision DS-2CD1321-I	Hig	0.49	7.5	0.01	Jun 27, 2025	An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.
CVE-2025-39488	Sneeit MagOne	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= 8.8.
CVE-2025-39478	smartiolabs Smart Notification	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3.
CVE-2025-32298	Case-Themes CTUsers	Hig	0.49	7.5	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0.
CVE-2025-31428	BuddhaThemes HYDRO	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= 2.8.
CVE-2025-31067	Themeton Seven Stars	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4.
CVE-2025-30992	WordPress Puca	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.33.
CVE-2025-30972	WordPress Woo Line Notify	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: from n/a through <= 1.1.7.
CVE-2025-28998	WordPress Serped Net	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through <= 4.6.
CVE-2025-28993	Jose Mortellaro Content No Cache	Hig	0.56	8.6	0.00	Jun 27, 2025	Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through <= 0.1.4.
CVE-2025-28990	snstheme SNS Vicky	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7.
CVE-2025-28988	WordPress Front Editor	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.
CVE-2025-28960	regibaer Evangelische Termine	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a through <= 3.3.
CVE-2025-28956	WordPress Backwp	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp backwp allows Reflected XSS.This issue affects Backwp: from n/a through <= 2.0.2.
CVE-2025-28947	snstheme MBStore	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows PHP Local File Inclusion.This issue affects MBStore - Digital WooCommerce WordPress…
CVE-2025-28946	BZOTheme PrintXtore	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue affects PrintXtore: from n/a through < 1.7.8.
CVE-2025-27361	thhake Photo Express for Google	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express for Google: from n/a through <= 0.3.2.
CVE-2025-25173	FasterThemes FastBook	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= 1.1.
CVE-2025-25171	Wpsmartpay Wp Smartpay	Hig	0.57	8.8	0.00	Jun 27, 2025	Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13.
CVE-2025-24774	WordPress Wpcrm	Hig	0.46	7.1	0.00	Jun 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected XSS.This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through <= 3.2.0.
CVE-2025-24769	BZOTheme Zenny	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue affects Zenny: from n/a through <= 1.7.5.
CVE-2025-24765	RobMarsh Image Shadow	Hig	0.50	7.7	0.00	Jun 27, 2025	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from n/a through <= 1.1.0.
CVE-2025-24760	goalthemes Sofass	Hig	0.53	8.1	0.00	Jun 27, 2025	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion.This issue affects Sofass: from n/a through <= 1.3.4.

CVE-2025-52818HigJun 27, 2025
Dejan Jasnic
Trusty Whistleblowing
risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.
CVE-2025-52817HigJun 27, 2025
WordPress
Abandoned Contact Form 7
risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.
CVE-2025-52816HigJun 27, 2025
Themehunk
Zita
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5.
CVE-2025-52815HigJun 27, 2025
Ancorathemes
CityGov
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9.
CVE-2025-52814HigJun 27, 2025
ovatheme
BRW
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7.
CVE-2025-52812HigJun 27, 2025
ApusWP
Domnoo
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49.
CVE-2025-52811HigJun 27, 2025
Davenport
Davenport
risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3.
CVE-2025-52810HigJun 27, 2025
TMRW-studio
Katerio
risk 0.53cvss 8.1epss 0.00
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
CVE-2025-52809HigJun 27, 2025
WordPress
National Weather Service Alerts
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service…
CVE-2025-52808HigJun 27, 2025
real-web
RealtyElite
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0.
CVE-2025-52799HigJun 27, 2025
WordPress
Lms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2.
CVE-2025-52778HigJun 27, 2025
WordPress
Xili Dictionary
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.2.
CVE-2025-52774HigJun 27, 2025
Infility
Infility Global
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.15.06.
CVE-2025-52729HigJun 27, 2025
thembay
Diza
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9.
CVE-2025-52727HigJun 27, 2025
WordPress
Css3 Vertical Web Pricing Tables
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XSS.This issue affects CSS3 Vertical Web Pricing Tables: from n/a through <= 1.9.
CVE-2025-52726HigJun 27, 2025
pebas
CouponXxL Custom Post Types
risk 0.56cvss 8.6epss 0.00
Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.
CVE-2025-52723HigJun 27, 2025
WordPress
Networker
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0.
CVE-2025-50052HigJun 27, 2025
flexostudio
Flexo Counter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter flexo-countdown allows Reflected XSS.This issue affects Flexo Counter: from n/a through <= 1.0001.
CVE-2025-49886HigJun 27, 2025
WordPress
Zikzag Core
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This issue affects Zikzag Core: from n/a through <= 1.4.5.
CVE-2025-49883HigJun 27, 2025
thembay
Greenmart
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.3.
CVE-2025-49448HigJun 27, 2025
WordPress
Fw Food Menu
risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0.
CVE-2025-49423HigJun 27, 2025
Syed Tahir Ali Jan
Bulk YouTube Post Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Tahir Ali Jan Bulk YouTube Post Creator bulk-youtube-post-creator allows Reflected XSS.This issue affects Bulk YouTube Post Creator: from n/a through <= 1.0.
CVE-2025-49416HigJun 27, 2025
WordPress
Fw Gallery
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File Inclusion.This issue affects FW Gallery: from n/a through <= 8.0.0.
CVE-2025-49321HigJun 27, 2025
Themewinter
Eventin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= 4.0.28.
CVE-2025-49290HigJun 27, 2025
Jory Hogeveen
Off-Canvas Sidebars & Menus (Slidebars)
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <=…
CVE-2025-47654HigJun 27, 2025
Adrian Tobey
Formlift For Infusionsoft Web Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.20.
CVE-2025-47574HigJun 27, 2025
WordPress
School Management
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-45851HigJun 27, 2025
Hikvision
DS-2CD1321-I
risk 0.49cvss 7.5epss 0.01
An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.
CVE-2025-39488HigJun 27, 2025
Sneeit
MagOne
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= 8.8.
CVE-2025-39478HigJun 27, 2025
smartiolabs
Smart Notification
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3.
CVE-2025-32298HigJun 27, 2025
Case-Themes
CTUsers
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0.
CVE-2025-31428HigJun 27, 2025
BuddhaThemes
HYDRO
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= 2.8.
CVE-2025-31067HigJun 27, 2025
Themeton
Seven Stars
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4.
CVE-2025-30992HigJun 27, 2025
WordPress
Puca
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.33.
CVE-2025-30972HigJun 27, 2025
WordPress
Woo Line Notify
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: from n/a through <= 1.1.7.
CVE-2025-28998HigJun 27, 2025
WordPress
Serped Net
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through <= 4.6.
CVE-2025-28993HigJun 27, 2025
Jose Mortellaro
Content No Cache
risk 0.56cvss 8.6epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through <= 0.1.4.
CVE-2025-28990HigJun 27, 2025
snstheme
SNS Vicky
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7.
CVE-2025-28988HigJun 27, 2025
WordPress
Front Editor
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.
CVE-2025-28960HigJun 27, 2025
regibaer
Evangelische Termine
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a through <= 3.3.
CVE-2025-28956HigJun 27, 2025
WordPress
Backwp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp backwp allows Reflected XSS.This issue affects Backwp: from n/a through <= 2.0.2.
CVE-2025-28947HigJun 27, 2025
snstheme
MBStore
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows PHP Local File Inclusion.This issue affects MBStore - Digital WooCommerce WordPress…
CVE-2025-28946HigJun 27, 2025
BZOTheme
PrintXtore
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue affects PrintXtore: from n/a through < 1.7.8.
CVE-2025-27361HigJun 27, 2025
thhake
Photo Express for Google
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google photo-express-for-google allows Reflected XSS.This issue affects Photo Express for Google: from n/a through <= 0.3.2.
CVE-2025-25173HigJun 27, 2025
FasterThemes
FastBook
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= 1.1.
CVE-2025-25171HigJun 27, 2025
Wpsmartpay
Wp Smartpay
risk 0.57cvss 8.8epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13.
CVE-2025-24774HigJun 27, 2025
WordPress
Wpcrm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows Reflected XSS.This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through <= 3.2.0.
CVE-2025-24769HigJun 27, 2025
BZOTheme
Zenny
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue affects Zenny: from n/a through <= 1.7.5.
CVE-2025-24765HigJun 27, 2025
RobMarsh
Image Shadow
risk 0.50cvss 7.7epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from n/a through <= 1.1.0.
CVE-2025-24760HigJun 27, 2025
goalthemes
Sofass
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion.This issue affects Sofass: from n/a through <= 1.3.4.