High - CVE-2025-5014 - The Home Villas | Real Estate WordPress Theme...
The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete'...
High - CVE-2025-5339 - The Ads Pro Plugin - Multi-Purpose WordPress...
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including,...
Critical - CVE-2025-5746 - The Drag and Drop Multiple File Upload (Pro) -...
The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks()...
High - CVE-2025-5817 - The Amazon Products to WooCommerce plugin for...
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible...
High - CVE-2025-6437 - The Ads Pro Plugin - Multi-Purpose WordPress...
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to...
High - CVE-2025-6459 - The Ads Pro Plugin - Multi-Purpose WordPress...
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing...
Medium - CVE-2025-6686 - The Magic Buttons for Elementor plugin for...
The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to...
Medium - CVE-2025-6687 - The Magic Buttons for Elementor plugin for...
The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to...
NA - CVE-2025-52462 - Cross-site scripting vulnerability exists in...
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in...
NA - CVE-2025-52463 - Cross-site request forgery vulnerability exists...
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and earlier. If this vulnerability is exploited, unintended E-mail may be sent when a user accesses a...