0.0
CVE-2025-49398 - WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14.
0.0
CVE-2025-49394 - WordPress Image Gallery block β Create and display photo gallery/photo album. plugin <= 1.0.7 - Broβ¦
Missing Authorization vulnerability in bPlugins Image Gallery block β Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block β Create and display photo gallery/photo album.: from n/a throuβ¦
0.0
CVE-2025-49393 - WordPress Sign-up Sheets Plugin <= 2.3.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2.
0.0
CVE-2025-49390 - WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4.
0.0
CVE-2025-49386 - WordPress Preserve Code Formatting Plugin <= 4.0.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1.
0.0
CVE-2025-49372 - WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.
0.0
CVE-2025-48330 - WordPress Real Time Validation for Gravity Forms <= 1.7.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion.This issue affects Real Time Validation for Gravity Formsβ¦
0.0
CVE-2025-48290 - WordPress Kinsley theme <= 3.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.
8.2
CVE-2025-48090 - WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.
0.0
CVE-2025-48089 - WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.