Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-49281 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue affects Magways: from n/a through <= 1.2.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-49280 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue affects Magty: from n/a through <= 1.0.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-49279 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue affects Blogvy: from n/a through <= 1.0.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-49278 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue affects Blogty: from n/a through <= 1.0.11. CVSSv3.1 8.1 (HIGH)
CVE-2025-49277 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue affects Blogprise: from n/a through <= 1.0.9. CVSSv3.1 8.1 (HIGH)
CVE-2025-49276 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue affects Blogmine: from n/a through <= 1.1.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-49275 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a through <= 1.1.1. CVSSv3.1 8.1 (HIGH)
CVE-2025-48281 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through <= 3.21.1. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-48267 — Thimpress Wp_pipes: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.2. CVSSv3.1 8.6 (HIGH)
CVE-2025-48141 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection.This issue affects Multi CryptoCurrency Payments: from n/a through <= 2.0.7. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-48140 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-48129 — Incorrect: Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-48126 — G5plus Essential_real_estate: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.3.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-48125 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through <= 3.1.51. CVSSv3.1 8.1 (HIGH)
CVE-2025-48123 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-48122 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows SQL Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-47651 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.11. CVSSv3.1 8.5 (HIGH)
CVE-2025-47608 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-47561 — Incorrect: Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG
Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13. CVSSv3.1 8.8 (HIGH)
CVE-2025-39475 — Path: Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue
Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-39473 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion.This issue affects Seofy Core: from n/a through <= 1.6.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-32595 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0. CVSSv3.1 8.1 (HIGH)
CVE-2025-32291 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs
Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-31920 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through <= 4.3.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-31429 — Deserialization: of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia
Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme press-grid allows Object Injection.This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through <= 1.3.1. CVSSv3.1 9.8 (CRITICAL)