9.3
CVE-2025-31056 - WordPress WhatsCart plugin <= 1.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce WhatsCart-for-WooCommerce allows SQL Injection.This issue affects WhatsCart - Whatsapp Abaβ¦
8.1
CVE-2025-31060 - WordPress Capie theme <= 1.0.40 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie capie allows PHP Local File Inclusion.This issue affects Capie: from n/a through <= 1.0.40.
8.1
CVE-2025-31064 - WordPress Vizeon theme < 1.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting vizeon allows PHP Local File Inclusion.This issue affects Vizeon - Business Consulting: from n/a through < 1.2.1.
9.8
CVE-2025-31069 - WordPress HotStar β Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton HotStar β Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar β Multi-Purpose Business Theme: from n/a through 1.4.
9.3
CVE-2025-31397 - WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vuβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection.This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/aβ¦
9.8
CVE-2025-31423 - WordPress Umberto theme <= 1.2.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8.
9.8
CVE-2025-31430 - WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1.
9.8
CVE-2025-31631 - WordPress Fish House theme <= 1.2.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue affects Fish House: from n/a through <= 1.2.7.
8.1
CVE-2025-31632 - WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.
8.1
CVE-2025-31633 - WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulneβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throuβ¦