7.5
CVE-2025-39452 - WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.32.
4.3
CVE-2025-39453 - WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSโฆ
Cross-Site Request Forgery (CSRF) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Cross Site Request Forgery.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.3.
7.1
CVE-2025-39455 - WordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS.This issue affects IP2Location Variables: from n/a through <= 2.9.5.
5.4
CVE-2025-39456 - WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
5.3
CVE-2025-39457 - WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8.
7.5
CVE-2025-39461 - WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.02.
7.5
CVE-2025-39462 - WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through <= 1.0.3.
7.1
CVE-2025-39464 - WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtowebsites AdminQuickbar adminquickbar allows Reflected XSS.This issue affects AdminQuickbar: from n/a through <= 1.9.1.
7.1
CVE-2025-25234 -
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability.ย A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.
9.3
CVE-2025-3651 - Command Injection in iManage Work Desktop for Mac's Agent Service
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service.ย This has been remediated in Work Desktop for Mac version 10.8.2.33.