
CVE-2025-31049 – WordPress Dash <= 1.3 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31049
19 May 2025 — The Dash theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/dash/vulnerability/wordpress-dash-1-3-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-31069 – WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31069
19 May 2025 — The HotStar – Multi-Purpose Business Theme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/hotstar/vulnerability/wordpress-hotstar-multi-purpose-business-theme-1-4-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-31430 – WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31430
19 May 2025 — The The Business theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.6.1 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/nrgbusiness/vulnerability/wordpress-the-business-1-6-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-32292 – WordPress Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-32292
19 May 2025 — Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11. The Jarvis – Night Club, Concert, Festival WordPress theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.11 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/jarvis/vulnerability/wordpress-jarvis-night-club-concert-festival-wordpress-1-8-11-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-39489 – WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-39489
19 May 2025 — The CouponXL theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.5.0. • https://patchstack.com/database/wordpress/theme/couponxl/vulnerability/wordpress-couponxl-4-5-0-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment •

CVE-2025-48340 – WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-48340
19 May 2025 — The User Profile Meta Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.02. • https://patchstack.com/database/wordpress/plugin/user-profile-meta/vulnerability/wordpress-user-profile-meta-manager-plugin-1-02-csrf-to-privilege-escalation-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-4389 – Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4389
16 May 2025 — The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. • https://codecanyon.net/item/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress/20476010 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-4391 – Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4391
16 May 2025 — The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. • https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-47637 – WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47637
16 May 2025 — The STAGGS – Product Configurator Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.11.0. • https://patchstack.com/database/wordpress/plugin/staggs/vulnerability/wordpress-staggs-2-10-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-47641 – WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47641
16 May 2025 — The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.8. • https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-2-3-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •