2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32523 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32523

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32522 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32522

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5. CVSSv3.1 8.6 (HIGH) · EPSS 20th percentile

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32520 — Incorrect: Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32520

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32519 — Incorrect: Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32519

Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2. CVSSv3.1 9.0 (CRITICAL) · EPSS 17th percentile

CWECWE 266TYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32516 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32516

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32513 — Deserialization: of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32513

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32512 — Deserialization: of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32512

Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32505 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32505

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32504 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32504

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32503 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32503

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32502 — Deserialization: of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32502

Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:17Z
HIGH

CVE-2026-32500 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32500

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:17Z
CRIT

CVE-2026-32499 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32499

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-32488 — Incorrect: Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32488

Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWECWE 266TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-32484 — Deserialization: of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32484

Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-32482 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32482

Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-31921 — Authorization: Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-31921

Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 8.2 (HIGH) · EPSS 16th percentile

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-31920 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-31920

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-31913 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-31913

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. CVSSv3.1 8.6 (HIGH) · EPSS 20th percentile

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27095 — Deserialization: of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27095

Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27084 — Deserialization: of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27084

Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27083 — Deserialization: of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27083

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27082 — Deserialization: of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27082

Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27081 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27081

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27080 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27080

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score