2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53198 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53198

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-53194 — Deserialization: of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-53194

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0. CVSSv3.1 8.5 (HIGH)

CWECWE 82TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49894 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49894

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49892 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49892

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49891 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49891

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49890 — Deserialization: of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49890

Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through <= 1.4.6. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49889 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49889

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT edge-cpt allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49438 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49438

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Max Chirkov Talemy talemy allows PHP Local File Inclusion.This issue affects Talemy: from n/a through <= 1.2.23. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49436 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49436

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a through <= 1.8. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49434 — Deserialization: of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49434

Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49426 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49426

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <= 2.8. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49422 — Incorrect: Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49422

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49410 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49410

Unrestricted Upload of File with Dangerous Type vulnerability in Imran Emu Portfolio Manager Pro otw-portfolio-manager allows Upload a Web Shell to a Web Server.This issue affects Portfolio Manager Pro: from n/a through 3.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49409 — Deserialization: of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49409

Deserialization of Untrusted Data vulnerability in brewlabs Portfolio Manager Pro otw-portfolio-manager allows Object Injection.This issue affects Portfolio Manager Pro: from n/a through 3.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49408 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification /

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49408

Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49406 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49406

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Premium Age Verification / Restriction for WordPress age-restriction allows Blind SQL Injection.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49400 — Deserialization: of Untrusted Data vulnerability in osama.esh PressApps Knowledge Base Contextual Sidebar Addon pressapps-knowledge-base

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49400

Deserialization of Untrusted Data vulnerability in osama.esh PressApps Knowledge Base Contextual Sidebar Addon pressapps-knowledge-base allows Object Injection.This issue affects PressApps Knowledge Base Contextual Sidebar Addon: from n/a through <= 4.2.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49399 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49399

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-49382 — Site: Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49382

Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-49381 — Site: Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-49381

Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-48171 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48171

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-08-20
2025-08-20 08:15Z
CRIT

CVE-2025-48169 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48169

Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-48165 — Incorrect: Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48165

Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-48164 — Incorrect: Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48164

Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-08-20
2025-08-20 08:15Z
HIGH

CVE-2025-48160 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48160

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through <= 1.5. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score