CVE-2025-48290

by | Nov 12, 2025

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.

CVE-2025-48090

by | Nov 12, 2025

Path Traversal: ‘…/…//’ vulnerability in CocoBasic Blanka – One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka – One Page WordPress Theme: from n/a through < 1.5.

CVE-2025-48089

by | Nov 12, 2025

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through...

CVE-2025-48086

by | Nov 12, 2025

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.

CVE-2025-48085

by | Nov 12, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17.