2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-48292 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48292

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.3.8. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-48289 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48289

Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue affects Kids Planet: from n/a through <= 2.2.14. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-48287 — Deserialization: of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48287

Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through <= 1.6.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-48283 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48283

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support majestic-support allows SQL Injection.This issue affects Majestic Support: from n/a through <= 1.1.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47690 — Authorization: Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47690

Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47687 — Upload: StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47687

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47672 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47672

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allows PHP Local File Inclusion.This issue affects miniOrange Discord Integration: from n/a through <= 2.2.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47670 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47670

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.6.10. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47663 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47663

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47660 — Deserialization: of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47660

Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47658 — Elula Wsdesk: Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk &

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47658

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.2.9. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDElulaTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47646 — Weak: Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47646

Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile

CWECWE 640VNDWeakTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47642 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47642

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.5. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47641 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47641

Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47640 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47640

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47637 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47637

Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue affects STAGGS: from n/a through <= 2.11.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47631 — Incorrect: Privilege Assignment vulnerability in mojoomla Hospital Management System hospital-management allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47631

Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System hospital-management allows Privilege Escalation.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47599 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47599

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection.This issue affects Facturante: from n/a through <= 1.11. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47575 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47575

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management school-management allows SQL Injection.This issue affects School Management: from n/a through <= 92.0.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47568 — Digitalzoomstudio Zoomsounds: Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDDigitalzoomstudioTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47539 — Themewinter Eventin: Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47539

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDThemewinterTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47535 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47535

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.2.0. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47532 — Deserialization: of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47532

Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through <= 1.0.17. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-47530 — Deserialization: of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47530

Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-47512 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47512

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal.This issue affects Tainacan: from n/a through <= 0.21.14. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score