7.5
CVE-2025-67925 - WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through <= 2.0.
9.9
CVE-2025-67924 - WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0.
7.1
CVE-2025-67922 - WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.
8.5
CVE-2025-67921 - WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.
8.1
CVE-2025-67920 - WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through < 1.2.
6.5
CVE-2025-67919 - WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
7.1
CVE-2025-67918 - WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through <= 5.4.30.
6.5
CVE-2025-67917 - WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
7.1
CVE-2025-67916 - WordPress Jobify theme <= 4.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS.This issue affects Jobify: from n/a through <= 4.3.0.
8.8
CVE-2025-67915 - WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.