Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2025-52801

WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability_CVE-2025-52801

Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects T...

VonStroheim TheBooking n/a CVE
HIGH 7.3 CVE-2025-52800

WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability_CVE-2025-52800

Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained...

Unity Business Technology Pty Ltd The E-Commerce ERP n/a CVE
HIGH 7.1 CVE-2025-52788

WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-52788

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected ...

Russell Jamieson CaptionPix n/a CVE
HIGH 7.1 CVE-2025-52785

WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability_CVE-2025-52785

Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec...

softnwords SMM API n/a CVE
HIGH 7.1 CVE-2025-52775

WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability_CVE-2025-52775

Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security L...

Ronik@UnlimitedWP Project Cost Calculator n/a CVE
HIGH 8.8 CVE-2025-52732

WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability_CVE-2025-52732

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targ...

RealMag777 Google Map Targeting n/a CVE
HIGH 7.5 CVE-2025-52731

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability_CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Confi...

themefunction WordPress Event Manager, Event Calendar and Booking Plugin n/a CVE
HIGH 7.5 CVE-2025-52728

WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability_CVE-2025-52728

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive ...

WebCodingPlace Responsive Posts Carousel WordPress Plugin n/a CVE
HIGH 7.5 CVE-2025-52716

WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability_CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows...

Acato WP REST Cache n/a CVE
HIGH 8.8 CVE-2025-49869

WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability_CVE-2025-49869

Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31.

Arraytics Eventin n/a CVE