CVE-2025-69130
— WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PH…
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69128
— WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal.
This issue affects JobCareer: from n/a through 7.3.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69127
— WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69126
— WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69123
— WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69120
— WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69115
— WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local Fi…
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69111
— WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-69106
— WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-68524
— WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-contro…
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60236
— WordPress Creatify theme <= 1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60231
— WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection.
This issue affects The Hospital: from n/a through 1.8.1.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60230
— WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60229
— WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection.
This issue affects Lagom: from n/a through 2.0.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59554
— WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-15657
— WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) v…
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied strin…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9690
— WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9570
— Taskbuilder < 5.0.8 - Reflected XSS via Shortcode
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Re…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026