7.1
CVE-2025-30988 - WordPress Elite Video Player plugin <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Stored XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.
9.8
CVE-2025-31919 - WordPress Spare <= 1.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
10
CVE-2025-32510 - WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through <= 1.8.4.
7.5
CVE-2025-32549 - WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0.
9.3
CVE-2025-39479 - WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.
8.5
CVE-2025-39486 - WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie valvepress-rankie allows SQL Injection.This issue affects Rankie: from n/a through < 1.8.2.
7.1
CVE-2025-39508 - WordPress Nasa Core Plugin <= 6.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core nasa-core allows Reflected XSS.This issue affects Nasa Core: from n/a through <= 6.4.4.
9.9
CVE-2025-47452 - WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR wpvr allows Upload a Web Shell to a Web Server.This issue affects WP VR: from n/a through <= 8.5.26.
9.9
CVE-2025-47559 - WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through < 8.7.4.
7.5
CVE-2025-47572 - WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.