2026-03-25 17:16Z · HIGH

CVE-2026-25380 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25380

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion. This issue affects Feedy: from n/a through < 2.1.5. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWE: CWE-98 · Type: Vulnerability · CVSS v3.1: 8.1 · Score: 91

2026-03-25 17:16Z · HIGH

CVE-2026-25379 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25379

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion. This issue affects StreamVid: from n/a through < 6.8.6. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWE: CWE-98 · Type: Vulnerability · CVSS v3.1: 8.1 · Score: 91

2026-03-25 17:16Z · CRITICAL

CVE-2026-25377 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25377

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 9.3 · Score: 97

2026-03-25 17:16Z · CRITICAL

CVE-2026-25371 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25371

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through < 2.0.9. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 9.3 · Score: 97

2026-03-25 17:16Z · CRITICAL

CVE-2026-25366 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25366

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1. CVSSv3.1 9.9 (CRITICAL) · EPSS 17th percentile

CWE: CWE-94 · Type: Vulnerability · CVSS v3.1: 9.9 · Score: 100

2026-03-25 17:16Z · HIGH

CVE-2026-25360 — Deserialization: of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25360

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through < 1.2.9. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 8.8 · Score: 94

2026-03-25 17:16Z · HIGH

CVE-2026-25359 — Deserialization: of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25359

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through < 3.1.5. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 8.8 · Score: 94

2026-03-25 17:16Z · HIGH

CVE-2026-25358 — Deserialization: of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25358

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection. This issue affects Meloo: from n/a through < 2.8.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 8.8 · Score: 94

2026-03-25 17:16Z · HIGH

CVE-2026-25357 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25357

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse. This issue affects Ultimate Membership Pro: from n/a through <= 13.7. CVSSv3.1 8.1 (HIGH) · EPSS 15th percentile

CWE: CWE-288 · Type: Vulnerability · CVSS v3.1: 8.1 · Score: 91

2026-03-25 17:16Z · CRITICAL

CVE-2026-25345 — Validation: Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25345

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SimpLy Gallery: from n/a through <= 3.3.2. CVSSv3.1 9.9 (CRITICAL) · EPSS 22nd percentile

CWE: CWE-1284 · Type: Vulnerability · CVSS v3.1: 9.9 · Score: 100

2026-03-25 17:16Z · CRITICAL

CVE-2026-25340 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25340

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection. This issue affects Jobmonster: from n/a through < 4.8.4. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 9.3 · Score: 97

2026-03-25 17:16Z · HIGH

CVE-2026-25334 — Incorrect: Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation. This

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25334

Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation. This issue affects Salon Booking System Pro: from n/a through < 10.30.12. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWE: CWE-266 · Type: Vulnerability · CVSS v3.1: 8.1 · Score: 91

2026-03-25 17:16Z · CRITICAL

CVE-2026-25035 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25035

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse. This issue affects Contest Gallery: from n/a through <= 28.1.2.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 21st percentile

CWE: CWE-288 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · CRITICAL

CVE-2026-25032 — Deserialization: of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25032

Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection. This issue affects Ricky: from n/a through < 2.31. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · CRITICAL

CVE-2026-25031 — Deserialization: of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25031

Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue affects Tasty Daily: from n/a through < 1.27. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · CRITICAL

CVE-2026-25030 — Deserialization: of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25030

Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affects Goldish: from n/a through < 3.47. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · CRITICAL

CVE-2026-25029 — Deserialization: of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25029

Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects KIDZ: from n/a through <= 5.24. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · HIGH

CVE-2026-25017 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25017

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion. This issue affects NaturaLife Extensions: from n/a through <= 2.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWE: CWE-98 · Type: Vulnerability · CVSS v3.1: 8.1 · Score: 91

2026-03-25 17:16Z · HIGH

CVE-2026-25007 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25007

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 8.5 · Score: 93

2026-03-25 17:16Z · HIGH

CVE-2026-25001 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25001

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion. This issue affects Post Snippets: from n/a through <= 4.0.12. CVSSv3.1 8.5 (HIGH) · EPSS 17th percentile

CWE: CWE-94 · Type: Vulnerability · CVSS v3.1: 8.5 · Score: 93

2026-03-25 17:16Z · CRITICAL

CVE-2026-24993 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24993

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 9.3 · Score: 97

2026-03-25 17:16Z · CRITICAL

CVE-2026-24989 — Deserialization: of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. This

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24989

Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 9.8 · Score: 99

2026-03-25 17:16Z · HIGH

CVE-2026-24981 — Deserialization: of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection. This issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24981

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection. This issue affects Visionary Core: from n/a through <= 1.4.9. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 8.8 · Score: 94

2026-03-25 17:16Z · HIGH

CVE-2026-24978 — Deserialization: of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection. This issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24978

Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection. This issue affects Jobica Core: from n/a through <= 1.4.1. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE-502 · Type: Vulnerability · CVSS v3.1: 8.8 · Score: 94

2026-03-25 17:16Z · HIGH

CVE-2026-24977 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24977

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection. This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWE: CWE-89 · Type: Vulnerability · CVSS v3.1: 8.5 · Score: 93