Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.1 | CVE-2025-53212 | WordPress Revolution Video Player With Bottom Playlist <= 2.9.2 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-53212: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bot... | LambertGroup | Revolution Video Player With Bottom Playlist | n/a | CVE |
| HIGH 7.5 | CVE-2025-53210 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability_CVE-2025-53210: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows... | bdthemes | ZoloBlocks | n/a | CVE |
| HIGH 7.5 | CVE-2025-53208 | WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability_CVE-2025-53208: Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained b... | paymayapg | Maya Business | n/a | CVE |
| HIGH 8.1 | CVE-2025-53207 | WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability_CVE-2025-53207: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenb... | WP Travel | WP Travel Gutenberg Blocks | n/a | CVE |
| HIGH 7.1 | CVE-2025-53205 | WordPress Radio Player Shoutcast & Icecast <= 4.4.7 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-53205: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Radio Player Shoutcast & Icecast... | LambertGroup | Radio Player Shoutcast & Icecast | n/a | CVE |
| HIGH 8.1 | CVE-2025-53204 | WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability_CVE-2025-53204: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows ... | ovatheme | eventlist | n/a | CVE |
| HIGH 7.1 | CVE-2025-53201 | WordPress Jobmonster <= 4.7.8 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-53201: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobmonster allows Reflected XSS. Thi... | NooTheme | Jobmonster | n/a | CVE |
| HIGH 8.1 | CVE-2025-53198 | WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability_CVE-2025-53198: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows P... | favethemes | Houzez | n/a | CVE |
| HIGH 8.5 | CVE-2025-53194 | WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability_CVE-2025-53194: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection. This issue affec... | Crocoblock | JetEngine | n/a | CVE |
| HIGH 7.2 | CVE-2025-54012 | WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability_CVE-2025-54012: Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/... | nanbu | Welcart e-Commerce | n/a | CVE |