2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39349 — Potenzaglobalsolutions Ciyashop: Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39349

Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects CiyaShop: from n/a through <= 4.18.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDPotenzaglobalsolutionsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-39348 — Themegoods Grand_restaurant: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39348

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-32928 — Themegoods Altair: Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32928

Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through <= 5.2.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-32927 — Chimpgroup Foodbakery: Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32927

Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery wp-foodbakery allows Object Injection.This issue affects FoodBakery: from n/a through <= 3.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDChimpgroupTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
CRIT

CVE-2025-32926 — Themegoods Grand_restaurant: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32926

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal.This issue affects Grand Restaurant: from n/a through <= 7.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDThemegoodsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-32925 — Fantasticplugins Sumo_reward_points: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32925

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through <= 30.7.0. CVSSv3.1 8.3 (HIGH)

CWECWE 98VNDFantasticpluginsTYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2025-05-19
2025-05-19 20:15Z
HIGH

CVE-2025-32924 — Roninwp Revy: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32924

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy allows SQL Injection.This issue affects Revy: from n/a through <= 2.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDRoninwpTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-05-19
2025-05-19 19:15Z
CRIT

CVE-2025-47581 — Deserialization: of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47581

Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through <= 2.6.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 19:15Z
CRIT

CVE-2025-47577 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47577

Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 19:15Z
HIGH

CVE-2025-39458 — Qodeinteractive Foton: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39458

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDQodeinteractiveTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-19
2025-05-19 19:15Z
CRIT

CVE-2025-39445 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39445

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-05-19
2025-05-19 19:15Z
CRIT

CVE-2025-39410 — Deserialization: of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39410

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon visucom-smart-sections.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through <= 1.7.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 19:15Z
CRIT

CVE-2025-39406 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39406

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion.This issue affects WPAMS: from n/a through <= 44.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 98TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 19:15Z
HIGH

CVE-2025-39405 — Incorrect: Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39405

Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-19
2025-05-19 19:15Z
HIGH

CVE-2025-39403 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39403

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-19
2025-05-19 18:15Z
CRIT

CVE-2025-47582 — Deserialization: of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot wpbot-pro allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47582

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot wpbot-pro allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through <= 12.7.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-19
2025-05-19 18:15Z
HIGH

CVE-2025-27010 — Path: Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27010

Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2. CVSSv3.1 8.1 (HIGH)

CWECWE 35TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-05-19
2025-05-19 18:15Z
CRIT

CVE-2025-26892 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26892

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through <= 2.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 18:15Z
CRIT

CVE-2025-26872 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius eximius allows Using

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26872

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius eximius allows Using Malicious Files.This issue affects Eximius: from n/a through <= 2.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-05-19
2025-05-19 17:15Z
HIGH

CVE-2025-47576 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-47576

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme bimber.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through <= 9.2.5. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-19
2025-05-19 15:15Z
HIGH

CVE-2025-48278 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48278

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker rsvpmaker allows SQL Injection.This issue affects RSVPMarker : from n/a through <= 11.5.6. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-19
2025-05-19 15:15Z
HIGH

CVE-2025-48236 — Neutralization: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48236

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <= 2.3.0. CVSSv3.1 8.5 (HIGH)

CWECWE 79TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-05-17
2025-05-17 22:15Z
HIGH

CVE-2025-4919 — Mozilla Firefox: An attacker was able to perform an out-of-bounds read or write on a JavaScript

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. CVSSv3.1 8.8 (HIGH)

CWECWE 125CWECWE 787VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-05-17
2025-05-17 22:15Z
CRIT

CVE-2025-4918 — Mozilla Firefox: An attacker was able to perform an out-of-bounds read or write on a JavaScript

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4918

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-05-16
2025-05-16 16:15Z
HIGH

CVE-2025-48137 — Proxymis Interview: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-48137

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview interview allows SQL Injection.This issue affects Interview: from n/a through <= 1.01. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDProxymisTYPVulnerability
8.5
CVSS v3.1
93
Edit Score