397 matches found
WordPress Arlo Theme <= 6.0.3 is vulnerable to Local File Inclusion
Software: Arlo; Type: Theme; Vulnerable versions: <= 6.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39475; Patch priority: High; CVSS severity: High (8.1); PSID: eaea2827ac9d; Credits: Bonds; Required privilege: Unauthenticated; Published: 3...
WordPress Lesya Theme <= 1.7.2 is vulnerable to Local File Inclusion
Software: Lesya; Type: Theme; Vulnerable versions: <= 1.7.2; Fixed in: 1.7.3; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High (8.1); PSID: b9712c5f2cb9; Credits: Bonds; Required privilege: Unauthenticated; Published ...
WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection
Software: Mr. Murphy; Type: Theme; Vulnerable versions: < 1.2.12.1; Fixed in: 1.2.12.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49072; Patch priority: High; CVSS severity: High (9.8); PSID: 743adbe763dd; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Infility Global plugin <= 2.14.51 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Infility Global versions <= 2.14.51...
WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() vulnerability
Unauthenticated Arbitrary File Upload via set_file() vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions <= 1.2.5...
WordPress Ads Pro plugin <= 4.89 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin Ads Pro versions <= 4.89...
WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Tourmaster versions <= 5.3.8...
WordPress Ogami Theme <= 1.53 is vulnerable to Local File Inclusion
Software: Ogami; Type: Theme; Vulnerable versions: <= 1.53; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31913; Patch priority: High; CVSS severity: High (8.1); PSID: b4ec72647766; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity; Requir...
WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin DZS Video Gallery versions <= 12.39...
WordPress PGS Core plugin <= 5.8.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions <= 5.8.0...
WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions <= 3.2.0...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions <= 3.16.2.1...
WordPress Altair Theme <= 5.2.2 is vulnerable to PHP Object Injection
Software: Altair; Type: Theme; Vulnerable versions: <= 5.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-32928; Patch priority: High; CVSS severity: High (9.8); PSID: 644e001022df; Credits: Bonds; Required privilege: Unauthenticated; Published: 2...
WordPress FluentCommunity plugin <= 1.2.15 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin FluentCommunity versions <= 1.2.15...
WordPress StoreContrl Woocommerce plugin <= 4.1.3 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin StoreContrl Woocommerce versions <= 4.1.3...
WordPress Foton Theme <= 2.5.2 is vulnerable to Local File Inclusion
Software: Foton; Type: Theme; Vulnerable versions: <= 2.5.2; Fixed in: 2.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39458; Patch priority: High; CVSS severity: High (8.1); PSID: e548d81179ab; Credits: Bonds; Required privilege: Unauthenticated; Published ...
WordPress Dessau Theme < 1.9 is vulnerable to Local File Inclusion
Software: Dessau; Type: Theme; Vulnerable versions: < 1.9; Fixed in: 1.9; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39463; Patch priority: High; CVSS severity: High (7.5); PSID: 0679c8533d71; Credits: Bonds; Required privilege: Unauthenticated; Published: 17...
WordPress Ivy School Theme <= 1.6.0 is vulnerable to Local File Inclusion
Software: Ivy School; Type: Theme; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39470; Patch priority: High; CVSS severity: High (8.1); PSID: 2982cc652634; Credits: Bonds; Required privilege: Unauthenticated...
WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin TuriTop Booking System versions <= 1.0.10...
WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Sync Posts versions <= 1.0...