CVE-2025-69158
— WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Granola <= 1.13 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69157
— WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69144
— WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69140
— WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerabil…
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69130
— WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PH…
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69127
— WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69126
— WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69123
— WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69120
— WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69115
— WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local Fi…
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69111
— WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69106
— WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-68524
— WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59554
— WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-15657
— WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) v…
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54193
— WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59872
— HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a…
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-11975
— Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and Ful…
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-62340
— HCL iControl was affected by Inadequate Session Timeout vulnerability
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period…
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2024-37496
— WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulne…
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.3.7.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
