2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32579 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32579

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32577 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32577

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through <= 1.0.23. CVSSv3.1 9.8 (CRITICAL)

CWECWE 98TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32569 — Deserialization: of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32569

Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects TableOn: from n/a through <= 1.0.4.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32568 — Deserialization: of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32568

Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This issue affects EmpikPlace for Woocommerce: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32567 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32567

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32565 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32565

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-product-designer-for-woocommerce allows SQL Injection.This issue affects Neon Product Designer: from n/a through <= 2.2.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32558 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32558

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection.This issue affects Duplicate Title Checker: from n/a through <= 1.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32542 — Authorization: Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32542

Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager plugins-on-steroids allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eazy Plugin Manager: from n/a through <= 4.3.0. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32519 — Themeatelier Idonate: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32519

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDThemeatelierTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32491 — Incorrect: Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32491

Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 30th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32144 — Deserialization: of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32144

Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through <= 2.1.61. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32143 — Deserialization: of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32143

Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-31599 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31599

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through <= 8.6. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-31565 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31565

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisandro Martinez WPSmartContracts wp-smart-contracts allows Blind SQL Injection.This issue affects WPSmartContracts: from n/a through <= 2.0.12. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-31040 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31040

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 05:15Z
HIGH

CVE-2025-2636 — InstaWP: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2636

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php f CVSSv3.1 8.1 (HIGH)

CWECWE 22VNDInstawpTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32687 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32687

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32668 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32668

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-10
2025-04-10 08:15Z
CRIT

CVE-2025-32206 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32206

Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing Projects: from n/a through <= 1.0.2. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-04-10
2025-04-10 08:15Z
CRIT

CVE-2025-32202 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32202

Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through <= 4.3000000025. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32145 — Deserialization: of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32145

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-10
2025-04-10 08:15Z
CRIT

CVE-2025-32140 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32140

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32119 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32119

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1. CVSSv3.1 8.2 (HIGH) · EPSS 28th percentile

CWECWE 89TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-31524 — Incorrect: Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through <= 2.6.2. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-30582 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30582

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress ERP/CRM: from n/a through <= 18.0.2.0. CVSSv3.1 8.1 (HIGH)

CWECWE 22TYPVulnerability
8.1
CVSS v3.1
91
Edit Score