2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-39494 — Qodeinteractive Wilmer: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39494

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-39490 — Qodeinteractive Backpack_traveler: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39490

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-39489 — Incorrect: Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39489

Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-39485 — Themegoods Grand_tour: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39485

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-39480 — Deserialization: of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39480

Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue affects Car Dealer: from n/a through < 1.6.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32309 — Thememove Healsoul: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32309

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDThememoveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32302 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32302

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex winnex allows PHP Local File Inclusion.This issue affects Winnex: from n/a through <= 1.3.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32294 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32294

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan oxpitan allows PHP Local File Inclusion.This issue affects Oxpitan: from n/a through <= 1.3.5. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32293 — Deserialization: of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32293

Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-32292 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32292

Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection.This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through <= 1.8.11. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32289 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32289

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through <= 2.0.63. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32286 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32286

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects Butcher: from n/a through <= 2.40. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-32284 — Deserialization: of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32284

Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31927 — Deserialization: of Untrusted Data vulnerability in themeton Acerola acerola allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31927

Deserialization of Untrusted Data vulnerability in themeton Acerola acerola allows Object Injection.This issue affects Acerola: from n/a through <= 1.6.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31924 — Deserialization: of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31924

Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31918 — Incorrect: Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31918

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31916 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31916

Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium jp-students-result-system-premium allows Upload a Web Shell to a Web Server.This issue affects JP Students Result Management System Premium: from n/a through 1.1.7. CVSSv3.1 9.0 (CRITICAL)

CWECWE 434TYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31914 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31914

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL Injection.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31913 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31913

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami ogami allows PHP Local File Inclusion.This issue affects Ogami: from n/a through <= 1.53. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31912 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31912

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion.This issue affects Enzio - Responsive Business WordPress Theme: from n/a through < 1.2.6. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31633 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31633

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo kiamo allows PHP Local File Inclusion.This issue affects Kiamo: from n/a through < 1.3.6. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
HIGH

CVE-2025-31632 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31632

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom laboom allows PHP Local File Inclusion.This issue affects La Boom: from n/a through <= 2.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31631 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31631

Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue affects Fish House: from n/a through <= 1.2.7. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31430 — Deserialization: of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31430

Deserialization of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue affects The Business: from n/a through <= 1.6.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-23
2025-05-23 13:15Z
CRIT

CVE-2025-31423 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31423

Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score