9.8
CVE-2025-14430 - WordPress Brook - Agency Business Creative theme <= 2.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion.This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.
9.8
CVE-2025-14429 - WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6.
9.8
CVE-2025-14360 - WordPress Blockons plugin <= 1.2.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15.
9.8
CVE-2025-14359 - WordPress Oshine theme <= 7.2.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion.This issue affects Oshine: from n/a through <= 7.2.7.
9.8
CVE-2025-14358 - WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.
6.1
CVE-2025-13504 - WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through <= 2.1.4.
6.1
CVE-2025-12551 - WordPress ListingHub plugin 1.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6.
9.8
CVE-2025-12550 - WordPress OchaHouse theme <= 2.2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through <= 2.2.8.
9.8
CVE-2025-12549 - WordPress Rozy - Flower Shop theme <= 1.2.25 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion.This issue affects Rozy - Flower Shop: from n/a through <= 1.2.25.
5.1
CVE-2026-0701 - code-projects Intern Membership Management System add_admin.php sql injection
A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remβ¦