Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-39500
WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39499
WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39495
WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39494
WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39490
WordPress Backpack Traveler <= 2.7 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion. This issue affects Backpack Traveler: from n/a through 2.7.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39489
WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability
Description: Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39485
WordPress GrandTour Theme <= 5.5.1 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-39480
WordPress Car Dealer <= 1.6.6 - PHP Object Injection Vulnerability
Description: Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a through 1.6.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-32309
WordPress Healsoul <= 2.0.2 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (16 days ago)

CVE-2025-32302
WordPress Winnex <= 1.3.2 - Local File Inclusion Vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex allows PHP Local File Inclusion. This issue affects Winnex: from n/a through 1.3.2.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE
May 23rd, 2025 (16 days ago)