Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-39494 — Qodeinteractive Wilmer: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-39490 — Qodeinteractive Backpack_traveler: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-39489 — Incorrect: Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL
Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-39485 — Themegoods Grand_tour: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-39480 — Deserialization: of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer cardealer allows Object Injection.This issue affects Car Dealer: from n/a through < 1.6.8. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32309 — Thememove Healsoul: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-32302 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex winnex allows PHP Local File Inclusion.This issue affects Winnex: from n/a through <= 1.3.2. CVSSv3.1 8.1 (HIGH)
CVE-2025-32294 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan oxpitan allows PHP Local File Inclusion.This issue affects Oxpitan: from n/a through <= 1.3.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-32293 — Deserialization: of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through <= 2.8. CVSSv3.1 8.8 (HIGH)
CVE-2025-32292 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress
Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection.This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through <= 1.8.11. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32289 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through <= 2.0.63. CVSSv3.1 8.1 (HIGH)
CVE-2025-32286 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects Butcher: from n/a through <= 2.40. CVSSv3.1 8.1 (HIGH)
CVE-2025-32284 — Deserialization: of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in designthemes Pet World petsworld allows Object Injection.This issue affects Pet World: from n/a through <= 2.8. CVSSv3.1 8.8 (HIGH)
CVE-2025-31927 — Deserialization: of Untrusted Data vulnerability in themeton Acerola acerola allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in themeton Acerola acerola allows Object Injection.This issue affects Acerola: from n/a through <= 1.6.5. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-31924 — Deserialization: of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This
Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5. CVSSv3.1 8.8 (HIGH)
CVE-2025-31918 — Incorrect: Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-31916 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management
Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium jp-students-result-system-premium allows Upload a Web Shell to a Web Server.This issue affects JP Students Result Management System Premium: from n/a through 1.1.7. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-31914 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL Injection.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.2. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-31913 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami ogami allows PHP Local File Inclusion.This issue affects Ogami: from n/a through <= 1.53. CVSSv3.1 8.1 (HIGH)
CVE-2025-31912 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion.This issue affects Enzio - Responsive Business WordPress Theme: from n/a through < 1.2.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-31633 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo kiamo allows PHP Local File Inclusion.This issue affects Kiamo: from n/a through < 1.3.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-31632 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom laboom allows PHP Local File Inclusion.This issue affects La Boom: from n/a through <= 2.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-31631 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue affects Fish House: from n/a through <= 1.2.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-31430 — Deserialization: of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue affects The Business: from n/a through <= 1.6.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-31423 — Deserialization: of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8. CVSSv3.1 9.8 (CRITICAL)