0.0
CVE-2025-39468 - WordPress Modal Survey plugin <= 2.0.2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.
0.0
CVE-2025-39467 - WordPress Wanderland theme <= 1.7.1 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
0.0
CVE-2025-39466 - WordPress DΓΈr theme <= 2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes DΓΈr dor allows PHP Local File Inclusion.This issue affects DΓΈr: from n/a through <= 2.4.
0.0
CVE-2025-39465 - WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4.
0.0
CVE-2025-39463 - WordPress Dessau theme < 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.
0.0
CVE-2025-32222 - WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.
0.0
CVE-2025-31029 - WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.
0.0
CVE-2025-28953 - WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
0.0
CVE-2025-22288 - WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerabiβ¦
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
8.7
CVE-2025-12556 - IDIS ICM Viewer Argument Injection
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.