2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-24977 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24977

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-24976 — Deserialization: of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24976

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-24974 — Deserialization: of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24974

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-24971 — Incorrect: Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24971

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-24968 — Incorrect: Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24968

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-24378 — Deserialization: of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24378

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-24373 — Incorrect: Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects Re

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24373

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWECWE 266TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-24359 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24359

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4. CVSSv3.1 8.8 (HIGH) · EPSS 18th percentile

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-23971 — Deserialization: of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-23971

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22516 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22516

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22515 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22515

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes VegaDays vegadays allows PHP Local File Inclusion.This issue affects VegaDays: from n/a through <= 1.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22514 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22514

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22513 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22513

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22512 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22512

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22511 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22511

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22510 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22510

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22509 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22509

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22508 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22508

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through <= 3.3. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-22507 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22507

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22506 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22506

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Amoli amoli allows PHP Local File Inclusion.This issue affects Amoli: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22505 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22505

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22504 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22504

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22503 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22503

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-22502 — Control: Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22502

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through <= 1.1.9. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-22500 — Deserialization: of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22500

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score