10
CVE-2025-32510 - WordPress Ovatheme Events Manager plugin <= 1.7.5 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager allows Using Malicious Files. This issue affects Ovatheme Events Manager: from n/a through 1.7.5.
7.5
CVE-2025-32549 - WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0.
9.3
CVE-2025-39479 - WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.
8.5
CVE-2025-39486 - WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a.
7.1
CVE-2025-39508 - WordPress Nasa Core Plugin <= 6.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue affects Nasa Core: from n/a through 6.3.2.
9.9
CVE-2025-47452 - WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26.
9.9
CVE-2025-47559 - WordPress MapSVG plugin <= 8.5.32 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32.
7.5
CVE-2025-47572 - WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.
9.3
CVE-2025-47573 - WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.
8.5
CVE-2025-48118 - WordPress Woocommerce Partial Shipment <= 3.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2.