CVSS: 10.0 | EPSS: % | CPEs: 1 | EXPL: 0
CVE-2025-12352 – Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
https://notcve.org/view.php?id=CVE-2025-12352
06 Nov 2025 — The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20.
• https://github.com/pronamic/gravityforms/blob/06de1b7e169e4f073e9d0d491e17b89365b48c20/forms_model.php#L5451C26-L5451C41
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11749 – AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-11749
04 Nov 2025 — The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint, which exposes the 'Bearer Token' value when 'No-Auth URL' is enabled.
• https://plugins.trac.wordpress.org/browser/ai-engine/trunk/labs/mcp.php#L226
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12674 – KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-12674
04 Nov 2025 — The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5.
• https://wordpress.org/plugins/kiotvietsync
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12158 – Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-12158
03 Nov 2025 — The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0.
• https://wordpress.org/plugins/simple-user-capabilities
• CWE-862: Missing Authorization

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11008 – CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-11008
03 Nov 2025 — The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file.
• https://wordpress.org/plugins/ce21-suite
• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11007 – CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update
https://notcve.org/view.php?id=CVE-2025-11007
03 Nov 2025 — The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1.
• https://wordpress.org/plugins/ce21-suite
• CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12493 – ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'
https://notcve.org/view.php?id=CVE-2025-12493
03 Nov 2025 — The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function.
• https://plugins.trac.wordpress.org/browser/woolentor-addons/trunk/classes/class.ajax_actions.php#L213
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-12682 – Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
https://notcve.org/view.php?id=CVE-2025-12682
03 Nov 2025 — The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8.
• https://plugins.trac.wordpress.org/changeset/3384711
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-8900 – Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-8900
31 Oct 2025 — The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4.
• https://themeforest.net/item/doccure-medical-wordpress-theme/34329202
• CWE-269: Improper Privilege Management

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-11833 – Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
https://notcve.org/view.php?id=CVE-2025-11833
31 Oct 2025 — The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0.
• https://plugins.trac.wordpress.org/browser/post-smtp/tags/3.5.0/Postman/PostmanEmailLogs.php#L51
• CWE-862: Missing Authorization
