7.5
CVE-2025-39364 - WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerabil…
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-pluginever allows PHP Local File Inclusion. This issue affects Product Category Slider for WooCommerce: f…
8.8
CVE-2025-47576 - WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerabili…
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5.
5.4
CVE-2025-47583 - WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.16.
6.5
CVE-2025-32920 - WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS. This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.
6
CVE-2025-4876 - Hardcoded Key Revealed in ConnectWise Password Encryption Utility
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the…
7.1
CVE-2025-23988 - WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4.
7.1
CVE-2025-23986 - WordPress Tiki Time theme <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS. This issue affects Tiki Time: from n/a through 1.3.
7.1
CVE-2025-23983 - WordPress Tijaji theme <= 1.43 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tijaji Tijaji tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through <= 1.43.
7.6
CVE-2025-26621 - OpenCTI vulnerable to Denial of Service through web hook
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability "manage customizations" can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype pol…
7.1
CVE-2025-23981 - WordPress CarZine theme <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS. This issue affects CarZine: from n/a through 1.4.6.