8.1
CVE-2025-28945 - WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerabβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion.This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a β¦
8.1
CVE-2025-28992 - WordPress SNS Anton theme <= 4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects SNS Anton: from n/a through <= 4.1.
8.8
CVE-2025-31019 - WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through <= 2.0.4.
9.8
CVE-2025-31022 - WordPress PayU India plugin < 3.8.8 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse.This issue affects PayU India: from n/a through < 3.8.8.
9.1
CVE-2025-31039 - WordPress Category Icon plugin <= 1.0.3 - XML External Entity (XXE) vulnerability
Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Category Icon: from n/a through <= 1.0.3.
7.5
CVE-2025-31045 - WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data.This issue affects elfsight Contact Form widget: from n/a through <= 2.3.1.
7.5
CVE-2025-31050 - WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through <= 2.5.
9.8
CVE-2025-31052 - WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untβ¦
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4.
7.1
CVE-2025-31057 - WordPress Universal Video Player plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 1.4.0.
7.1
CVE-2025-31058 - WordPress Revolution Video Player plugin <= 2.9.2 - Reflected Cross Site Scripting (XSS) vulnerabilβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS.This issue affects Revolution Video Player: from n/a through <= 2.9.2.