Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-52810 — Path: Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File
Path Traversal: '.../...//' vulnerability in TMRW-studio Katerio - Magazine katerio allows PHP Local File Inclusion.This issue affects Katerio - Magazine: from n/a through <= 1.5.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-52809 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through <= 1.3.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-52808 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-52729 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.9. CVSSv3.1 8.1 (HIGH)
CVE-2025-52726 — Incorrect: Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This
Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0. CVSSv3.1 8.6 (HIGH)
CVE-2025-52725 — Deserialization: of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects CouponXxL: from n/a through <= 3.0.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-52724 — Deserialization: of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-52723 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-52722 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection.This issue affects Classiera: from n/a through <= 4.0.34. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-52717 — Lifterlms Lifterlms: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection.This issue affects LifterLMS: from n/a through <= 8.0.6. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-49886 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This issue affects Zikzag Core: from n/a through <= 1.4.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-49885 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <= 5.0.6. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-49883 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-49448 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Path Traversal.This issue affects FW Food Menu : from n/a through <= 6.0.0. CVSSv3.1 8.6 (HIGH)
CVE-2025-49416 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows PHP Local File Inclusion.This issue affects FW Gallery: from n/a through <= 8.0.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-39474 — Thememove Amely: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-30992 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.33. CVSSv3.1 8.1 (HIGH)
CVE-2025-28998 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net serped-net allows PHP Local File Inclusion.This issue affects SERPed.net: from n/a through <= 4.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-28993 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through <= 0.1.4. CVSSv3.1 8.6 (HIGH)
CVE-2025-28990 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-28970 — Deserialization: of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-28947 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows PHP Local File Inclusion.This issue affects MBStore - Digital WooCommerce WordPress Theme: from n/a through <= 2.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-28946 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion.This issue affects PrintXtore: from n/a through < 1.7.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-25171 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay
Authentication Bypass Using an Alternate Path or Channel vulnerability in Convers Lab WP SmartPay smartpay allows Authentication Abuse.This issue affects WP SmartPay: from n/a through <= 2.7.13. CVSSv3.1 8.8 (HIGH)
CVE-2025-24769 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue affects Zenny: from n/a through <= 1.7.5. CVSSv3.1 8.1 (HIGH)