33 matches found
CVE-2025-3671
CVE-2025-3671 concerns the WPGYM WordPress plugin (Gym Management System) with a Local File Inclusion vulnerability exploitable via the vulnerable parameter “page.” According to the primary sources, this affects all versions up to 67.7.0 and requires authentication at Subscriber level or higher; ...
CVE-2025-3671 WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrar...
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin bizcalendar-web versions = 1.1.0.53...
WordPress CSS & JavaScript Toolbox plugin < 12.0.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Martin Herancourt in WordPress Plugin CSS & JavaScript Toolbox versions 12.0.3...
WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Support Board versions = 3.8.0...
WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability
WordPress PrivateContent - Mail Actions plugin = 2.3.2 - Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin PrivateContent - Mail Actions versions = 2.3.2...
CVE-2025-32298 WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through = 1.0.0...
WordPress WP Travel Engine plugin <= 6.5.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by muhammad yudha in WordPress Plugin WP Travel Engine versions = 6.5.1...
WordPress WP Event Manager plugin <= 3.1.51 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Event Manager versions = 3.1.51...
WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin WHMpress versions = 6.2-revision-9...
WordPress WHMpress plugin <= 6.2-revision-9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin WHMpress versions = 6.2-revision-9...
WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Job Portal versions = 2.3.1...
WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions = 1.1.7...
CVE-2025-39452 WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through = 2.2.32...
WordPress WPAMS plugin <= 44.0 - Local File Inclusion to Privilege Escalation vulnerability
Local File Inclusion to Privilege Escalation vulnerability discovered by Aiden Thái An in WordPress Plugin WPAMS versions = 44.0...
WordPress Modal Survey plugin <= 2.0.2.0.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Modal Survey versions = 2.0.2.0.1...
CVE-2025-39592
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...
WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin hockeydata LOS versions = 1.2.4...
WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Coming Soon, Maintenance Mode versions = 1.1.1...
WordPress Ray Enterprise Translation plugin <= 1.7.0 - Local File Inclusion via CSRF Vulnerability
Local File Inclusion via CSRF Vulnerability discovered by astra.r3verii in WordPress Plugin Ray Enterprise Translation versions = 1.7.0...