Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| HIGH 8.1 | CVE-2025-53334 | WordPress Jannah Theme <= 7.4.1 - Local File Inclusion Vulnerability | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP ... | TieLabs | Jannah | n/a | CVE |
| HIGH 7.7 | CVE-2025-53588 | WordPress UPC/EAN/GTIN Code Generator Plugin <= 2.0.2 - Arbitrary File Deletion Vulnerability | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code... | Dmitry V. (CEO of "UKR Solution") | UPC/EAN/GTIN Code Generator | n/a | CVE |
| HIGH 8.1 | CVE-2025-53584 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability | Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injecti... | emarket-design | WP Ticket Customer Service Software & Support Ticket System | n/a | CVE |
| HIGH 7.1 | CVE-2025-53579 | WordPress Captcha.eu Plugin < 1.0.61 - Cross Site Scripting (XSS) Vulnerability | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captcha.eu Captcha.eu allows Reflected XSS. T... | captcha.eu | Captcha.eu | n/a | CVE |
| HIGH 8.1 | CVE-2025-53583 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability | Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight... | emarket-design | Employee Spotlight | n/a | CVE |
| HIGH 7.7 | CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path... | extendons | WooCommerce csv import export | n/a | CVE |
| HIGH 7.1 | CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability | Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tik... | bPlugins | Tiktok Feed | n/a | CVE |
| HIGH 7.1 | CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. ... | Dylan James | Zephyr Project Manager | n/a | CVE |
| HIGH 8.1 | CVE-2025-54716 | WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP ... | ovatheme | Ireca | n/a | CVE |
| HIGH 7.1 | CVE-2025-54724 | WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue a... | uxper | Golo | n/a | CVE |