
CVE-2025-32579 – WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32579
10 Apr 2025 — The Sync Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'scwp_sync_posts_func' and 'scwp_download_posts_content_images' functions in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress SoftClever Limited Sync Posts plugin version 1.0 s... • https://patchstack.com/database/wordpress/plugin/sync-posts/vulnerability/wordpress-sync-posts-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-32652 – WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32652
10 Apr 2025 — The Solace Extra plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/solace-extra/vulnerability/wordpress-solace-extra-plugin-1-3-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-2636 – InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion
https://notcve.org/view.php?id=CVE-2025-2636
10 Apr 2025 — The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. ... • https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/includes/database-manager/loader.php#L77 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-26927 – WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-26927
10 Apr 2025 — The AI Hub plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31411 – WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-31411
10 Apr 2025 — The Linet ERP-Woocommerce Integration Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-12-arbitrary-file-read-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-31002 – WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-31002
09 Apr 2025 — The Squeeze – Image Optimization & Compression, WebP Conversion plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/squeeze/vulnerability/wordpress-squeeze-plugin-1-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-32496 – WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-32496
09 Apr 2025 — The Ultra Demo Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. ... This makes it possible for unauthenticated attackers to execute arbitrary code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/ut-demo-importer/vulnerability/wordpress-ultra-demo-importer-plugin-1-0-5-csrf-to-rce-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-32629 – WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32629
09 Apr 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. ... The WP-BusinessDirectory – Business directory plugin for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on t... • https://patchstack.com/database/wordpress/plugin/wp-businessdirectory/vulnerability/wordpress-wp-businessdirectory-plugin-3-1-2-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-32631 – WordPress Oxygen MyData for WooCommerce plugin <= 1.0.63 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32631
09 Apr 2025 — The Oxygen MyData for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.64. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/oxygen-mydata/vulnerability/wordpress-oxygen-mydata-for-woocommerce-plugin-1-0-63-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-32633 – WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32633
09 Apr 2025 — The Database Toolset plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/database-toolset/vulnerability/wordpress-database-toolset-plugin-1-8-4-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •