
CVE-2025-52709 – WordPress Everest Forms plugin <= 3.2.2 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-52709
27 Jun 2025 — The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.2.2 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/plugin/everest-forms/vulnerability/wordpress-everest-forms-3-2-2-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-52724 – WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-52724
27 Jun 2025 — The Amwerk theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2.0 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/amwerk/vulnerability/wordpress-amwerk-1-2-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-52725 – WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-52725
27 Jun 2025 — The CouponXxL theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.0 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/couponxxl/vulnerability/wordpress-couponxxl-3-0-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-53277 – WordPress IS-theme-companion plugin <= 1.57 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-53277
27 Jun 2025 — The IS-theme-companion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.57. • https://patchstack.com/database/wordpress/plugin/weblizar-companion/vulnerability/wordpress-is-theme-companion-plugin-1-57-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-12827 – DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset
https://notcve.org/view.php?id=CVE-2024-12827
26 Jun 2025 — The DWT - Directory & Listing WordPress Theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. • https://themeforest.net/item/dwt-listing-directory-listing-wordpress-theme/21976132 • CWE-620: Unverified Password Change •

CVE-2025-6688 – Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin
https://notcve.org/view.php?id=CVE-2025-6688
26 Jun 2025 — The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. • https://plugins.trac.wordpress.org/changeset/3318371/simple-payment/tags/2.3.9/simple-payment-plugin.php • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-4334 – Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-4334
25 Jun 2025 — The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. ... WordPress Simple User Registration plugin versions 6.3 and below suffer from an unauthenticated privilege escalation vulnerability. • https://packetstorm.news/files/id/202897 • CWE-269: Improper Privilege Management •

CVE-2025-28970 – WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-28970
23 Jun 2025 — The WP Optimize By xTraffic plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.1.6 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/plugin/wp-optimize-by-xtraffic/vulnerability/wordpress-wp-optimize-by-xtraffic-5-1-6-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVE-2025-32281 – WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-32281
23 Jun 2025 — The WPKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://patchstack.com/database/wordpress/plugin/wpkit-elementor/vulnerability/wordpress-wpkit-for-elementor-plugin-1-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability? • CWE-862: Missing Authorization •

CVE-2025-52825 – WordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-52825
19 Jun 2025 — The Real Estate Manager – Property Listing and Agent Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.3. • https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •