2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-47608 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47608

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-47561 — Incorrect: Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47561

Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation.This issue affects MapSVG: from n/a through < 8.6.13. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-39475 — Path: Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39475

Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3. CVSSv3.1 8.1 (HIGH)

CWECWE 35TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-39473 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39473

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion.This issue affects Seofy Core: from n/a through <= 1.6.8. CVSSv3.1 8.1 (HIGH)

CWECWE 22TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-32595 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32595

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-32291 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32291

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-31920 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31920

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection.This issue affects WP Guppy: from n/a through <= 4.3.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31429 — Deserialization: of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31429

Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme press-grid allows Object Injection.This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through <= 1.3.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31424 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31424

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through < 2.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31398 — Deserialization: of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose pimp allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31398

Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose pimp allows Object Injection.This issue affects PIMP - Creative MultiPurpose: from n/a through <= 1.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31396 — Deserialization: of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme flap allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31396

Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme flap allows Object Injection.This issue affects FLAP - Business WordPress Theme: from n/a through <= 1.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31059 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31059

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through <= 2.2.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31052 — Deserialization: of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31052

Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31039 — Restriction: Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31039

Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Category Icon: from n/a through <= 1.0.3. CVSSv3.1 9.1 (CRITICAL)

CWECWE 611TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-31022 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31022

Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse.This issue affects PayU India: from n/a through < 3.8.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-31019 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31019

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through <= 2.0.4. CVSSv3.1 8.8 (HIGH)

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-28992 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28992

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a through <= 4.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-28945 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28945

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion.This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a through <= 2.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-28944 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28944

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion.This issue affects Avaz: from n/a through <= 2.8. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-28888 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-28888

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme GiftXtore bw-giftxtore allows PHP Local File Inclusion.This issue affects GiftXtore: from n/a through < 1.7.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-27362 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27362

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion.This issue affects Petito: from n/a through < 1.6.6. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-26592 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26592

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion.This issue affects Lab: from n/a through <= 1.0.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-24770 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24770

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore bw-craftxtore allows PHP Local File Inclusion.This issue affects CraftXtore: from n/a through <= 1.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
HIGH

CVE-2025-24768 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24768

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion.This issue affects Nitan: from n/a through <= 2.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-06-09
2025-06-09 16:15Z
CRIT

CVE-2025-24767 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-24767

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.19. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score