0.0
CVE-2025-49386 - WordPress Preserve Code Formatting Plugin <= 4.0.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1.
0.0
CVE-2025-49372 - WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.
0.0
CVE-2025-48330 - WordPress Real Time Validation for Gravity Forms <= 1.7.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion.This issue affects Real Time Validation for Gravity Formsβ¦
0.0
CVE-2025-48290 - WordPress Kinsley theme <= 3.4.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.
8.2
CVE-2025-48090 - WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.
0.0
CVE-2025-48089 - WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.
0.0
CVE-2025-48086 - WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.
0.0
CVE-2025-48085 - WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17.
0.0
CVE-2025-48083 - WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5.
0.0
CVE-2025-48078 - WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3.