Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-53198 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4. CVSSv3.1 8.1 (HIGH)
CVE-2025-53194 — Deserialization: of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-49894 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-49892 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-49891 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-49890 — Deserialization: of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through <= 1.4.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49889 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT edge-cpt allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH)
CVE-2025-49438 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Max Chirkov Talemy talemy allows PHP Local File Inclusion.This issue affects Talemy: from n/a through <= 1.2.23. CVSSv3.1 8.1 (HIGH)
CVE-2025-49436 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a through <= 1.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49434 — Deserialization: of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49426 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <= 2.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-49422 — Incorrect: Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49410 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro
Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro otw-portfolio-manager allows Upload a Web Shell to a Web Server.This issue affects Portfolio Manager Pro: from n/a through 3.8. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-49409 — Deserialization: of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This
Deserialization of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This issue affects Portfolio Manager Pro: from n/a through 3.8. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49408 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification /
Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-49406 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Premium Age Verification / Restriction for WordPress age-restriction allows Blind SQL Injection.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-49400 — Deserialization: of Untrusted Data vulnerability in osama.esh PressApps Knowledge Base Contextual Sidebar Addon pressapps-knowledge-base
Deserialization of Untrusted Data vulnerability in osama.esh PressApps Knowledge Base Contextual Sidebar Addon pressapps-knowledge-base allows Object Injection.This issue affects PressApps Knowledge Base Contextual Sidebar Addon: from n/a through <= 4.2.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-49399 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-49382 — Site: Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-49381 — Site: Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-48171 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26. CVSSv3.1 8.1 (HIGH)
CVE-2025-48169 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-48165 — Incorrect: Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-48164 — Incorrect: Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH)
CVE-2025-48160 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through <= 1.5. CVSSv3.1 8.1 (HIGH)