4.9
CVE-2025-46443 - WordPress Animate plugin <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate animate allows Server Side Request Forgery.This issue affects Animate: from n/a through <= 0.5.
4.3
CVE-2025-46436 - WordPress SCSS-Library plugin <= 0.4.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library scss-library allows Cross Site Request Forgery.This issue affects SCSS-Library: from n/a through <= 0.4.1.
7.4
CVE-2025-46439 - WordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central plugin-central allows Path Traversal.This issue affects Plugin Central: from n/a through <= 2.5.1.
7.1
CVE-2025-46435 - WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS.This issue affects Time Based Greeting: from n/a through <= 2.2.2.
7.5
CVE-2025-32921 - WordPress Arrival theme <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpoperations Arrival arrival allows PHP Local File Inclusion.This issue affects Arrival: from n/a through <= 1.4.5.
7.5
CVE-2025-39359 - WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codeworkweb CWW Portfolio cww-portfolio allows PHP Local File Inclusion.This issue affects CWW Portfolio: from n/a through <= 1.3.1.
7.5
CVE-2025-39360 - WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag grace-mag allows PHP Local File Inclusion.This issue affects Grace Mag: from n/a through <= 1.1.5.
8.5
CVE-2025-39377 - WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper appsero-helper allows SQL Injection.This issue affects Appsero Helper: from n/a through <= 1.3.4.
7.5
CVE-2025-39378 - WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light plugin <= 2.4.37 - Loβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce β Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows PHP Local File Incluβ¦
7.5
CVE-2025-39379 - WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly capturly-optimize-your-website allows PHP Local File Inclusion.This issue affects Capturly: from n/a through <= 2.0.1.