Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-48292 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.3.8. CVSSv3.1 8.1 (HIGH)
CVE-2025-48289 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection.This issue affects Kids Planet: from n/a through <= 2.2.14. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-48287 — Deserialization: of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve
Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through <= 1.6.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-48283 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support majestic-support allows SQL Injection.This issue affects Majestic Support: from n/a through <= 1.1.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-47690 — Authorization: Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.1. CVSSv3.1 8.8 (HIGH)
CVE-2025-47687 — Upload: StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-47672 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allows PHP Local File Inclusion.This issue affects miniOrange Discord Integration: from n/a through <= 2.2.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-47670 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.6.10. CVSSv3.1 8.1 (HIGH)
CVE-2025-47663 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 9.9 (CRITICAL)
CVE-2025-47660 — Deserialization: of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16. CVSSv3.1 8.8 (HIGH)
CVE-2025-47658 — Elula Wsdesk: Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk &
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.2.9. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-47646 — Weak: Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13. CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile
CVE-2025-47642 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.5. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-47641 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print
Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-47640 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-47637 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue affects STAGGS: from n/a through <= 2.11.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2025-47631 — Incorrect: Privilege Assignment vulnerability in mojoomla Hospital Management System hospital-management allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System hospital-management allows Privilege Escalation.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023). CVSSv3.1 8.8 (HIGH)
CVE-2025-47599 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante facturante allows SQL Injection.This issue affects Facturante: from n/a through <= 1.11. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-47575 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management school-management allows SQL Injection.This issue affects School Management: from n/a through <= 92.0.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-47568 — Digitalzoomstudio Zoomsounds: Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through <= 6.91. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-47539 — Themewinter Eventin: Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-47535 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through <= 1.2.0. CVSSv3.1 8.6 (HIGH)
CVE-2025-47532 — Deserialization: of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows
Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through <= 1.0.17. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-47530 — Deserialization: of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-47512 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal.This issue affects Tainacan: from n/a through <= 0.21.14. CVSSv3.1 8.6 (HIGH)