Multiple GitHub Products Vulnerabilities
April 7, 2025
Multiple Apple Products Vulnerabilities
April 7, 2025
Severity
High
Analysis Summary
CVE-2025-32204 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2.
CVE-2025-32203 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in manu225 Falling things allows SQL Injection. This issue affects Falling things: from n/a through 1.08.
CVE-2025-32159 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Radius Blocks allows PHP Local File Inclusion. This issue affects Radius Blocks: from n/a through 2.2.1.
CVE-2025-32157 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jakub Glos Sparkle Elementor Kit allows PHP Local File Inclusion. This issue affects Sparkle Elementor Kit: from n/a through 2.0.9.
CVE-2025-32156 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget allows PHP Local File Inclusion. This issue affects Just Post Preview Widget: from n/a through 1.1.1.
CVE-2025-32155 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in markkinchin Beds24 Online Booking allows PHP Local File Inclusion. This issue affects Beds24 Online Booking: from n/a through 2.0.26.
CVE-2025-32153 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG WooCarousel allows PHP Local File Inclusion. This issue affects VG WooCarousel: from n/a through 1.3.
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-32204
CVE-2025-32203
CVE-2025-32159
CVE-2025-32157
CVE-2025-32156
CVE-2025-32155
CVE-2025-32153
Affected Vendors
- WordPress
Affected Products
- rocketelements Split Test For Elementor - n/a
- manu225 Falling things - n/a
- RadiusTheme Radius Blocks - n/a
- Jakub Glos Sparkle Elementor Kit - n/a
- Alex Prokopenko / JustCoded Just Post Preview Widget - n/a
- markkinchin Beds24 Online Booking - n/a
- vinagecko VG WooCarousel - n/a
Remediation
Update each affected WordPress plugin to the latest available version.