7.5
CVE-2025-32154 - WordPress Catch Dark Mode plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1.
7.5
CVE-2025-32153 - WordPress VG WooCarousel plugin <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG WooCarousel vg-woocarousel allows PHP Local File Inclusion.This issue affects VG WooCarousel: from n/a through <= 1.3.
7.5
CVE-2025-32152 - WordPress Slider a SlidersPack Plugin <= 2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugin Slider a SlidersPack sliderspack-all-in-one-image-sliders allows PHP Local File Inclusion.This issue affects Slider a SlidersPack: from n/a through <= 2.3.
7.5
CVE-2025-32151 - WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0.
7.5
CVE-2025-32150 - WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3.
8.5
CVE-2025-32149 - WordPress teachPress plugin <= 9.0.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
8.5
CVE-2025-32148 - WordPress Daisycon prijsvergelijkers plugin <= 4.8.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers daisycon allows SQL Injection.This issue affects Daisycon prijsvergelijkers: from n/a through <= 4.8.4.
8.8
CVE-2025-32147 - WordPress Easy WP Optimizer Plugin <= 1.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in coothemes Easy WP Optimizer easy-wp-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy WP Optimizer: from n/a through <= 1.1.0.
8.8
CVE-2025-32146 - WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
8.8
CVE-2025-32142 - WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through <= 1.4.71.