Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-32579 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-32577 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through <= 1.0.23. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32569 — Deserialization: of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects TableOn: from n/a through <= 1.0.4.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32568 — Deserialization: of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This
Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This issue affects EmpikPlace for Woocommerce: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-32567 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1. CVSSv3.1 8.5 (HIGH)
CVE-2025-32565 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection.This issue affects Neon Product Designer: from n/a through <= 2.2.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-32558 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection.This issue affects Duplicate Title Checker: from n/a through <= 1.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-32542 — Authorization: Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0. CVSSv3.1 8.8 (HIGH)
CVE-2025-32519 — Themeatelier Idonate: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18. CVSSv3.1 8.1 (HIGH)
CVE-2025-32491 — Incorrect: Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 30th percentile
CVE-2025-32144 — Deserialization: of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This
Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61. CVSSv3.1 8.8 (HIGH)
CVE-2025-32143 — Deserialization: of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11. CVSSv3.1 8.8 (HIGH)
CVE-2025-31599 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through <= 8.6. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-31565 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection.This issue affects WPSmartContracts: from n/a through <= 2.0.12. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-31040 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7. CVSSv3.1 8.1 (HIGH)
CVE-2025-2636 — InstaWP: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php f CVSSv3.1 8.1 (HIGH)
CVE-2025-32687 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-32668 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3. CVSSv3.1 8.1 (HIGH)
CVE-2025-32206 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing Projects: from n/a through <= 1.0.2. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-32202 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert
Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through <= 4.3000000025. CVSSv3.1 9.1 (CRITICAL)
CVE-2025-32145 — Deserialization: of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-32140 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote
Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-32119 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1. CVSSv3.1 8.2 (HIGH) · EPSS 28th percentile
CVE-2025-31524 — Incorrect: Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege
Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through <= 2.6.2. CVSSv3.1 8.8 (HIGH)
CVE-2025-30582 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress ERP/CRM: from n/a through <= 18.0.2.0. CVSSv3.1 8.1 (HIGH)