7.5
CVE-2025-49451 - WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin …
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <…
9.3
CVE-2025-49452 - WordPress PostaPanduri plugin <= 2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection.This issue affects PostaPanduri: from n/a through <= 2.1.3.
8.1
CVE-2025-49508 - WordPress CozyStay theme < 1.7.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.7.1.
8.1
CVE-2025-24761 - WordPress DSK theme < 2.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK dsk allows PHP Local File Inclusion.This issue affects DSK: from n/a through < 2.4.
9.3
CVE-2025-24773 - WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - SQL Injection Vulnerabil…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce wpcrm allows SQL Injection.This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through <= 3.2.0.
7.6
CVE-2025-28972 - WordPress WP Employee Attendance System plugin <= 3.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System wp-employee-attendance-system allows Blind SQL Injection.This issue affects WP Employee Attendance System: from n/a through <= 3.5.
8.1
CVE-2025-28991 - WordPress Evon theme <= 3.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through <= 3.4.
8.1
CVE-2025-29002 - WordPress Simen theme <= 4.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen snssimen allows PHP Local File Inclusion.This issue affects Simen: from n/a through <= 4.6.
0.0
CVE-2025-30562 - WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through <= 1.0.1.
9.8
CVE-2025-30618 - WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerabil…
Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection.This issue affects Rapyd Payment Extension for WooCommerce: from n/a through <= 1.2.0.