2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32145 — Deserialization: of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32145

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 4.3.6. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-10
2025-04-10 08:15Z
CRIT

CVE-2025-32140 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32140

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-32119 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32119

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CardGate CardGate Payments for WooCommerce cardgate allows Blind SQL Injection.This issue affects CardGate Payments for WooCommerce: from n/a through <= 3.2.1. CVSSv3.1 8.2 (HIGH) · EPSS 28th percentile

CWECWE 89TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-31524 — Incorrect: Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through <= 2.6.2. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-10
2025-04-10 08:15Z
HIGH

CVE-2025-30582 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30582

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM dyapress allows PHP Local File Inclusion.This issue affects DyaPress ERP/CRM: from n/a through <= 18.0.2.0. CVSSv3.1 8.1 (HIGH)

CWECWE 22TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-32695 — Incorrect: Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32695

Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-32642 — Site: Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32642

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Coupon: from n/a through <= 1.0.9. CVSSv3.1 10.0 (CRITICAL)

CWECWE 352TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-32641 — Site: Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32641

Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through <= 1.1.8. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-32576 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32576

Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through <= 2.6.1. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-04-09
2025-04-09 17:15Z
HIGH

CVE-2025-32547 — Site: Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32547

Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection.This issue affects All push notification for WP: from n/a through <= 1.5.3. CVSSv3.1 8.2 (HIGH)

CWECWE 352TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-32496 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32496

Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through <= 1.0.5. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-04-09
2025-04-09 17:15Z
HIGH

CVE-2025-31038 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31038

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Privilege Escalation.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-09
2025-04-09 17:15Z
HIGH

CVE-2025-31036 — Site: Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31036

Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation.This issue affects WPSolr: from n/a through <= 24.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-31033 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31033

Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Buddypress Humanity: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-09
2025-04-09 17:15Z
HIGH

CVE-2025-31023 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31023

Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= 1.4. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-09
2025-04-09 17:15Z
CRIT

CVE-2025-31002 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31002

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: from n/a through <= 1.6. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-04-08
2025-04-08 20:15Z
CRIT

CVE-2025-22871 — The net/http package improperly accepts a bare LF as a line terminator in chunked

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. CVSSv3.1 9.1 (CRITICAL) · EPSS 31th percentile

TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-04-08
2025-04-08 05:15Z
CRIT

CVE-2025-2004 — Simple: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2004

The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVE-2025-32509 is a duplicate of this. CVSSv3.1 9.1 (CRITICAL)

CWECWE 73VNDSimpleTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-04-05
2025-04-05 02:15Z
HIGH

CVE-2025-2933 — Email: The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2933

The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to admi CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32149 — Mtrv Teachpress: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32149

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDMtrvTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32148 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32148

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers daisycon allows SQL Injection.This issue affects Daisycon prijsvergelijkers: from n/a through <= 4.8.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32147 — Authorization: Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32147

Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy WP Optimizer: from n/a through <= 1.1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32146 — Joomsky Js_job_manager: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32146

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2. CVSSv3.1 8.8 (HIGH)

CWECWE 98VNDJoomskyTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32142 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32142

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through <= 1.4.71. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-04
2025-04-04 16:15Z
HIGH

CVE-2025-32141 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32141

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects MasterStudy LMS: from n/a through <= 3.5.28. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score