9.3
CVE-2025-31397 - WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vuβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection.This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/aβ¦
9.8
CVE-2025-31423 - WordPress Umberto theme <= 1.2.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8.
9.8
CVE-2025-31430 - WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1.
9.8
CVE-2025-31631 - WordPress Fish House theme <= 1.2.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection.This issue affects Fish House: from n/a through <= 1.2.7.
8.1
CVE-2025-31632 - WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.
8.1
CVE-2025-31633 - WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulneβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throuβ¦
7.1
CVE-2025-31636 - WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS.This issue affects WP Post Modules for Elementor: from n/a through <= 2.5.0.
8.1
CVE-2025-31912 - WordPress Enzio - Responsive Business WordPress Theme theme < 1.2.6 - Local File Inclusion vulnerabβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion.This issue affects Enzio - Responsive Business WordPress Theme: from n/a through < 1.2.6.
8.1
CVE-2025-31913 - WordPress Ogami theme <= 1.53 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami ogami allows PHP Local File Inclusion.This issue affects Ogami: from n/a through <= 1.53.
9.3
CVE-2025-31914 - WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL Injection.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through β¦