Latest intel// live feed
CVE-2026-25380 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion. This issue affects Feedy: from n/a through < 2.1.5. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-25379 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion. This issue affects StreamVid: from n/a through < 6.8.6. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-25377 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection. This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-25371 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through < 2.0.9. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-25366 — Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1. CVSSv3.1 9.9 (CRITICAL) · EPSS 17th percentile
CVE-2026-25360 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through < 1.2.9. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-25359 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through < 3.1.5. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-25358 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection. This issue affects Meloo: from n/a through < 2.8.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-25357 — Authentication Bypass Using an Alternate Path or Channel
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse. This issue affects Ultimate Membership Pro: from n/a through <= 13.7. CVSSv3.1 8.1 (HIGH) · EPSS 15th percentile
CVE-2026-25345 — Improper Validation of Specified Quantity in Input
Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SimpLy Gallery: from n/a through <= 3.3.2. CVSSv3.1 9.9 (CRITICAL) · EPSS 22nd percentile
CVE-2026-25340 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection. This issue affects Jobmonster: from n/a through < 4.8.4. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-25334 — Incorrect Privilege Assignment
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation. This issue affects Salon Booking System Pro: from n/a through < 10.30.12. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-25035 — Authentication Bypass Using an Alternate Path or Channel
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse. This issue affects Contest Gallery: from n/a through <= 28.1.2.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 21st percentile
CVE-2026-25032 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection. This issue affects Ricky: from n/a through < 2.31. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-25031 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue affects Tasty Daily: from n/a through < 1.27. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-25030 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affects Goldish: from n/a through < 3.47. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-25029 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects KIDZ: from n/a through <= 5.24. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-25017 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan NaturaLife Extensions naturalife-extensions allows PHP Local File Inclusion. This issue affects NaturaLife Extensions: from n/a through <= 2.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-25007 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile
CVE-2026-25001 — Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion. This issue affects Post Snippets: from n/a through <= 4.0.12. CVSSv3.1 8.5 (HIGH) · EPSS 17th percentile
CVE-2026-24993 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-24989 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-24981 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection. This issue affects Visionary Core: from n/a through <= 1.4.9. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-24978 — Deserialization of Untrusted Data
Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection. This issue affects Jobica Core: from n/a through <= 1.4.1. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-24977 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection. This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile