9.8
CVE-2025-52816 - WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5.
0.0
CVE-2025-52817 - WordPress Abandoned Contact Form 7 plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Contact Form 7: from n/a through <= 2.2.
0.0
CVE-2025-52818 - WordPress Trusty Whistleblowing plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusty Whistleblowing: from n/a through <= 2.0.1.
0.0
CVE-2025-52824 - WordPress Mobile DJ Manager plugin <= 1.7.8.3 - Privilege Escalation vulnerability
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
8.8
CVE-2025-52826 - WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
0.0
CVE-2025-52827 - WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.
0.0
CVE-2025-52829 - WordPress DirectIQ Email Marketing plugin <= 2.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through <= 2.0.
0.0
CVE-2025-52834 - WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7.
8.1
CVE-2023-25998 - WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: fromβ¦
0.0
CVE-2025-23967 - WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpopal GG Bought Together for WooCommerce gg-bought-together allows SQL Injection.This issue affects GG Bought Together for WooCommerce: from n/a through <= 1.0.2.