Skip to main content
CVE-2025-55708 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection.2.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-52823 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection.16.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-52820 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-49267 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection.28.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-49033 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection.9.5.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-39510 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-30998 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection.9.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-52797 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SQLi
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-54701 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion.6.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54700 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion.8.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54690 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-54689 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion.5.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30635 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion.1.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-28979 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-25172 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion.9.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-49036 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer allows PHP Local File. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-52806 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3703 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52728 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

LFI PHP WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52716 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49271 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags allows PHP Local File Inclusion.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49264 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48332 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclusion.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32288 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Inclusion.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-24766 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion.2.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54679 HIGH This Week

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-31425 HIGH This Week

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-43692 HIGH This Week

An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54692 HIGH This Week

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52731 HIGH This Week

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.0.24. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-30639 HIGH This Week

Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52801 HIGH This Week

Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs.4.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-52800 HIGH This Week

Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs.1.1.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-7971 HIGH This Week

A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. Rated high severity (CVSS 7.3). No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-47536 HIGH This Week

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-54697 HIGH This Week

Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation.5.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-52785 HIGH This Week

Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels.0.30. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-52775 HIGH This Week

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-53575 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52788 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49065 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49064 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS.6.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49063 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS.4.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49062 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49058 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS.2.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49057 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49056 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49054 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-49038 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-47689 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy