9.3
CVE-2025-52832 - WordPress NGG Smart Image Search plugin <= 3.4.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1.
9.3
CVE-2025-52833 - WordPress LMS theme <= 9.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS lms allows SQL Injection.This issue affects LMS: from n/a through <= 9.2.
8.1
CVE-2025-4414 - WordPress CMSMasters Content Composer plugin < 2.5.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through < 2.5.7.
7.5
CVE-2025-49070 - WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1.
10
CVE-2025-49414 - WordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0.
9.8
CVE-2025-49417 - WordPress WooCommerce Product Multi-Action plugin <= 1.3 - Deserialization of untrusted data Vulnerβ¦
Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This issue affects WooCommerce Product Multi-Action: from n/a through <= 1.3.
7.2
CVE-2025-49418 - WordPress Allmart plugin <= 1.0.0 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery.This issue affects Allmart: from n/a through <= 1.0.0.
6.5
CVE-2025-49431 - WordPress MF Plus WPML plugin <= 1.1 - Settings Change Vulnerability
Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1.
2.1
CVE-2025-7060 - Monitorr Installer mkdbajax.php input validation
A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to iniβ¦
7.5
CVE-2025-5920 - Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API.