7.5
CVE-2025-69383 - WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1.
9.8
CVE-2025-69382 - WordPress Themesflat Elementor plugin <= 1.0.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1.
7.1
CVE-2025-69381 - WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0.
7.5
CVE-2025-69380 - WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
8.6
CVE-2025-69379 - WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
7.2
CVE-2025-69378 - WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.
7.7
CVE-2025-69377 - WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
8.6
CVE-2025-69376 - WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
8.1
CVE-2025-69375 - WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5.
8.1
CVE-2025-69374 - WordPress Eleblog β Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulneβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog β Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog β Elementor Blog And Magazine Addons: from n/a through <β¦