0.0
CVE-2025-32298 - WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0.
9.8
CVE-2025-39474 - WordPress Amely theme <= 3.1.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4.
7.1
CVE-2025-39478 - WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3.
0.0
CVE-2025-39488 - WordPress MagOne theme <= 8.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= 8.8.
7.1
CVE-2025-47574 - WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
0.0
CVE-2025-47654 - WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.20.
0.0
CVE-2025-49290 - WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.4 - Reflected Cross Site Scriptinβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Reflected XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.4.
6.1
CVE-2025-49321 - WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= 4.0.28.
0.0
CVE-2025-49883 - WordPress Greenmart theme <= 4.2.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.3.
0.0
CVE-2025-49885 - WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Uβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <=β¦