CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32654 – WordPress Motors plugin <= 1.4.65 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32654
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” fi... • https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-1-4-65-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32656 – WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32656
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Testimonial Slider And Showcase Pro allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases whe... • https://patchstack.com/database/wordpress/plugin/testimonial-slider-showcase-pro/vulnerability/wordpress-testimonial-slider-and-showcase-pro-plugin-2-3-15-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32663 – WordPress FAT Cooming Soon plugin <= 1.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32663
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other ... • https://patchstack.com/database/wordpress/plugin/fat-coming-soon/vulnerability/wordpress-fat-cooming-soon-plugin-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32672 – WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-32672
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in case... • https://patchstack.com/database/wordpress/plugin/ultimate-bootstrap-elements-for-elementor/vulnerability/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32499 – WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32499
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code ex... • https://patchstack.com/database/wordpress/plugin/logo-showcase-ultimate/vulnerability/wordpress-logo-showcase-ultimate-plugin-1-4-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32668 – WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32668
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images an... • https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32692 – WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-32692
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. ... This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code <... • https://patchstack.com/database/wordpress/plugin/wp-subscription-forms/vulnerability/wordpress-wp-subscription-forms-1-2-4-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29394
https://notcve.org/view.php?id=CVE-2025-29394
09 Apr 2025 — An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. • https://gist.github.com/jaylan545/01e9653c0139638152927fe6f00cd82e •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32460 – Debian Security Advisory 5905-1
https://notcve.org/view.php?id=CVE-2025-32460
09 Apr 2025 — Two vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which may result in denial of service or the execution of arbitrary code if malformed image files are processed. • https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32631 – WordPress Oxygen MyData for WooCommerce plugin <= 1.0.63 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32631
09 Apr 2025 — The Oxygen MyData for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.64. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/oxygen-mydata/vulnerability/wordpress-oxygen-mydata-for-woocommerce-plugin-1-0-63-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •