CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6459 – Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate
https://notcve.org/view.php?id=CVE-2025-6459
01 Jul 2025 — The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. ... El complemento Ads Pro Plugin - Multi-Purpose WordPress Advertising Manage de WordPress, es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 4.89 (incluida). • https://codecanyon.net/item/ads-pro-plugin-multipurpose-wordpress-advertising-manager/10275010 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4689 – Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-4689
01 Jul 2025 — The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. ... El complemento Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager de WordPress, es vulnerable a la Inclusión de Archivos Locales, lo que provoca la ejecución remota de código en todas las versiones hasta la 4.89 incluida. • https://codecanyon.net/item/ads-pro-plugin-multipurpose-wordpress-advertising-manager/10275010 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5746 – Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-5746
01 Jul 2025 — The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). ... El complemento Drag and Drop Multiple File Upload (Pro) - WooCommerce para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta d... • https://www.codedropz.com/woocommerce-drag-drop-multiple-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49417 – WordPress WooCommerce Product Multi-Action <= 1.3 - Deserialization of untrusted data Vulnerability
https://notcve.org/view.php?id=CVE-2025-49417
01 Jul 2025 — The WooCommerce Product Multi-Action plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/plugin/woo-product-multiaction/vulnerability/wordpress-woocommerce-product-multi-action-1-3-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28983 – WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-28983
01 Jul 2025 — The Click & Pledge Connect plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 25.04010101-WP6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-25-04010101-wp6-8-privilege-escalation-via-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2025-6934 – Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
https://notcve.org/view.php?id=CVE-2025-6934
30 Jun 2025 — The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. ... WordPress Opal Estate Pro plugin versions 1.7.5 and below suffers from a privilege escalation vulnerability. • https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30933 – WordPress LogisticsHub <= 1.1.6 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-30933
30 Jun 2025 — The LogisticsHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.6. • https://patchstack.com/database/wordpress/theme/logistics-hub/vulnerability/wordpress-logisticshub-1-1-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49414 – WordPress FW Gallery <= 8.0.0 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-49414
30 Jun 2025 — The FW Gallery – Photo, video, audio media presentation and management system with players and slideshow plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 8.0.0. • https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5304 – PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function
https://notcve.org/view.php?id=CVE-2025-5304
27 Jun 2025 — The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. • https://wordpress.org/plugins/project-notebooks/#developers • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-49885 – WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-49885
27 Jun 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through 5.0.6. • https://patchstack.com/database/wordpress/plugin/drag-and-drop-file-upload-wc-pro/vulnerability/wordpress-drag-and-drop-multiple-file-upload-pro-woocommerce-5-0-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •