9.9
CVE-2025-26892 - WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.
9.9
CVE-2025-26872 - WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.
7.5
CVE-2025-26735 - WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.
5.4
CVE-2025-22287 - WordPress LTL Freight Quotes β FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerβ¦
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes β FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes β FreightQuote Edition: from n/a through <= 2.3.11.
9.9
CVE-2025-47282 - Malicious google credential in DNS secret can lead to privilege escalation
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user wβ¦
6.5
CVE-2025-39448 - WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
6.5
CVE-2025-39450 - WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.7.
4.3
CVE-2025-39454 - WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.30.0.
5.3
CVE-2025-39460 - WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4.
7.6
CVE-2025-43833 - WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through <= 1.1.1.