7.1
CVE-2025-52778 - WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.2.
7.1
CVE-2025-52799 - WordPress LMS theme <= 9.2 - Reflected Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2.
8.1
CVE-2025-52808 - WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue affects RealtyElite: from n/a through <= 1.0.0.
8.1
CVE-2025-52809 - WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through โฆ
8.1
CVE-2025-52810 - WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
8.1
CVE-2025-52811 - WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulโฆ
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3.
8.1
CVE-2025-52812 - WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49.
8.1
CVE-2025-52814 - WordPress BRW plugin <= 1.8.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.7.
8.1
CVE-2025-52815 - WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through <= 1.9.
8.1
CVE-2025-52816 - WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: from n/a through <= 1.6.5.