Latest CVE Feed
-
8.1
HIGHCVE-2025-68587
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.... Read more
Affected Products : watu_quiz- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68594
Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin b... Read more
Affected Products : poll\,_survey_\&_quiz_maker- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-58925
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Neptunus neptunus allows PHP Local File Inclusion.This issue affects Neptunus: from n/a through <= 1.0.11.... Read more
Affected Products : neptunus- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-60064
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through <= 1.2.2.... Read more
Affected Products : renewal- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58923
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.... Read more
Affected Products : critique- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58948
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue affects Aromatica: from n/a through <= 1.8.... Read more
Affected Products : aromatica- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-14800
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticat... Read more
Affected Products : redirection_for_contact_form_7- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-69087
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent allows PHP Local File Inclusion.This issue affects FreeAgent: from n/a through 2.1.2.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58949
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through <= 1.17.... Read more
Affected Products : spock- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58950
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lione: from n/a through <= 1.16.... Read more
Affected Products : lione- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-60059
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affects smart SEO: from n/a through <= 2.12.... Read more
Affected Products : smartseo- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-60060
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pubzinne pubzinne allows PHP Local File Inclusion.This issue affects Pubzinne: from n/a through <= 1.0.12.... Read more
Affected Products : pubzinne- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58709
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through <= 1.9.... Read more
Affected Products : legacy- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-60061
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through <= 2.2.0.... Read more
Affected Products : kicker- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-69081
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can ... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-68517
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products : tablesome- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-60069
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-68588
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.3.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-69034
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal