920 matches found

Positive Technologies · added 2025/04/15 12:0 a.m. · 3 views

PT-2025-16528 · Unknown · Notfound Unlimited Timeline

Name of the Vulnerable Software and Affected Versions: NotFound Unlimited Timeline affected versions not specified Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: At the moment, the...

CVSS 7.5 · AI score 7.8 · EPSS 0.00368
Exploits 0 · References 4

Positive Technologies · added 2025/04/15 12:0 a.m. · 2 views

PT-2025-16525 · Unknown · Notfound Jetmenu

Name of the Vulnerable Software and Affected Versions: NotFound JetMenu versions n/d through 2.4.9 Description: The issue is related to a lack of authorization in NotFound JetMenu, allowing access to functionalities not properly constrained by Access Control Lists (ACLs). Recommendations: For...

CVSS 7.5 · AI score 7.7 · EPSS 0.00365
Exploits 0 · References 4

Positive Technologies · added 2025/04/15 12:0 a.m. · 3 views

PT-2025-16317 · Unknown · Notfound Coming Soon

Name of the Vulnerable Software and Affected Versions: NotFound Coming Soon, Maintenance Mode versions n/a through 1.1.1 Description: The issue is related to Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This...

CVSS 7.5 · AI score 7.9 · EPSS 0.00467
Exploits 0 · References 7

Positive Technologies · added 2025/04/15 12:0 a.m. · 3 views

PT-2025-16536 · Unknown · Notfound Easy Contact

Name of the Vulnerable Software and Affected Versions: NotFound Easy Contact versions 0.1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. Recommendations: For versions...

CVSS 7.1 · AI score 7.3 · EPSS 0.00192
Exploits 0 · References 6

Positive Technologies · added 2025/04/15 12:0 a.m. · 4 views

PT-2025-16535 · WordPress · Wpjobboard

Name of the Vulnerable Software and Affected Versions: WPJobBoard affected versions not specified Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting the CSRF vulnerability...

CVSS 9.6 · AI score 9.4 · EPSS 0.00206
Exploits 0 · References 8

RedhatCVE · added 2025/04/13 9:36 a.m. · 15 views

CVE-2025-32656

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a...

CVSS 8.1 · AI score 7.2 · EPSS 0.00758
Exploits 0 · References 1

RedhatCVE · added 2025/04/12 8:55 a.m. · 17 views

CVE-2025-32240

Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through <= 1.0...

CVSS 6.5 · AI score 7.2 · EPSS 0.0025
Exploits 0 · References 1

RedhatCVE · added 2025/04/12 8:43 a.m. · 18 views

CVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through <= 2.6.2...

CVSS 8.8 · AI score 7.2 · EPSS 0.00314
Exploits 0 · References 1

NVD · added 2025/04/11 9:15 a.m. · 13 views

CVE-2025-32656

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a...

CVSS 8.1 · EPSS 0.00758
Exploits 0 · References 1

NVD · added 2025/04/11 9:15 a.m. · 4 views

CVE-2025-31041

Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.0.4...

CVSS 7.5 · EPSS 0.0046
Exploits 0 · References 1

NVD · added 2025/04/11 9:15 a.m. · 3 views

CVE-2025-31028

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through <= 1.0...

CVSS 7.1 · EPSS 0.00343
Exploits 0 · References 1

NVD · added 2025/04/11 9:15 a.m. · 3 views

CVE-2025-31040

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7...

CVSS 8.1 · EPSS 0.00936
Exploits 0 · References 1

Cvelist · added 2025/04/11 8:42 a.m. · 12 views

CVE-2025-31040 WordPress WP Food ordering and Restaurant Menu plugin <= 2.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through <= 2.7...

CVSS 8.1 · EPSS 0.00936
Exploits 0 · References 1

Positive Technologies · added 2025/04/11 12:0 a.m. · 4 views

PT-2025-16094 · Unknown · Notfound Testimonial Slider/Showcase Pro

Name of the Vulnerable Software and Affected Versions: NotFound Testimonial Slider And Showcase Pro versions 2.3.15 and earlier Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows P...

CVSS 8.1 · AI score 8.7 · EPSS 0.00758
Exploits 0 · References 6

NVD · added 2025/04/10 8:15 a.m. · 8 views

CVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through <= 2.6.2...

CVSS 8.8 · EPSS 0.00314
Exploits 0 · References 1

CVE · added 2025/04/10 8:9 a.m. · 53 views

CVE-2025-32240

CVE-2025-32240: The connected Wordfence entry for Site Notify notes a Missing Authorization issue in Site Notify (

CVSS 6.5 · AI score 7.2 · EPSS 0.0025
Exploits 0 · References 1

CVE · added 2025/04/10 8:9 a.m. · 61 views

CVE-2025-31524

CVE-2025-31524 – WP User Profiles privilege escalation: Affected WP User Profiles (

CVSS 8.8 · AI score 7.2 · EPSS 0.00314
Exploits 0 · References 1

Positive Technologies · added 2025/04/10 12:0 a.m. · 2 views

PT-2025-15955 · Unknown · Notfound Site Notify

Name of the Vulnerable Software and Affected Versions: NotFound Site Notify versions n/d through 1.0 Description: The issue is related to a lack of authorization in NotFound Site Notify, which can be exploited due to incorrectly configured access control security levels. Recommendations: For...

CVSS 6.5 · AI score 6.9 · EPSS 0.0025
Exploits 0 · References 5

RedhatCVE · added 2025/04/05 2:37 p.m. · 11 views

CVE-2025-30596

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in tstafford include-file include-file allows Path Traversal. This issue affects include-file: from n/a through <= 1...

CVSS 6.5 · AI score 7.2 · EPSS 0.00428
Exploits 0 · References 1

RedhatCVE · added 2025/04/05 2:28 p.m. · 3 views

CVE-2025-30616

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Wood Latest Custom Post Type Updates latest-custom-post-type-updates allows Reflected XSS. This issue affects Latest Custom Post Type Updates: from n/a through <= 1.3.0...

CVSS 7.1 · AI score 7.2 · EPSS 0.00235
Exploits 0 · References 1