9.8
CVE-2025-39467 - WordPress Wanderland theme <= 1.7.1 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
9.8
CVE-2025-39466 - WordPress DΓΈr theme <= 2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes DΓΈr dor allows PHP Local File Inclusion.This issue affects DΓΈr: from n/a through <= 2.4.
8.1
CVE-2025-39465 - WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4.
9.8
CVE-2025-39463 - WordPress Dessau theme < 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.
9.8
CVE-2025-32222 - WordPress Widget Logic <= 6.0.5 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.
5.4
CVE-2025-31029 - WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.
0.0
CVE-2025-28953 - WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
0.0
CVE-2025-22288 - WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerabiβ¦
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
8.7
CVE-2025-12556 - IDIS ICM Viewer Argument Injection
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
8.9
CVE-2025-11956 - XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.This issue affects OBS (Student Affairs Information System): before 25.0401.