CVE-2025-69130 — WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PH…
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69128 — WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69127 — WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69126 — WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69123 — WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69120 — WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69115 — WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local Fi…
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69111 — WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69106 — WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-68524 — WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Remote | Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-contro…
Remote | Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60236 — WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60231 — WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.
This issue affects The Hospital: from n/a through 1.8.1.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60230 — WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60229 — WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection.
This issue affects Lagom: from n/a through 2.0.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59554 — WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-15657 — WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) v…
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Remote | Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9690 — WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9570 — Taskbuilder < 5.0.8 - Reflected XSS via Shortcode
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Re…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-8607 — myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Pr…
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in …
mycred | Remote | Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026