CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3812 – WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-3812
16 May 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe1609d-17d6-4afe-90b2-5473dc9b6c3b?source=cve • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4389 – Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4389
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress/20476010 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4391 – Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4391
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47641 – Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-47641
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47637 – STAGGS <= 2.11.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-47637
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47512 – Tainacan <= 0.21.14 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-47512
16 May 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47577 – WordPress TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47577
16 May 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/ti-woocommerce-wishlist/vulnerability/wordpress-ti-woocommerce-wishlist-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6486 – ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection
https://notcve.org/view.php?id=CVE-2024-6486
15 May 2025 — This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code execution. • https://wpscan.com/vulnerability/a57c0c59-8b5c-4221-a9db-19f141650d9b •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47785 – EMLOG SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-47785
15 May 2025 — In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. • https://github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47787 – Emlog Pro Contains a File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47787
15 May 2025 — This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. • https://github.com/emlog/emlog/commit/691c13e90df2fb35e120f4e0735078bad018eed7 • CWE-434: Unrestricted Upload of File with Dangerous Type •