CVE Authored by @h3xecute

6.8

CVSS3.1

CVE-2025-49303 - WordPress Frontend Admin by DynamiApps <= 3.28.7 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.7.

📅 Published: July 4, 2025, 11:18 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-49866 - WordPress Beautiful Cookie Consent Banner <= 4.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner allows Reflected XSS. This issue affects Beautiful Cookie Consent Banner: from n/a through 4.6.1.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

9.8

CVSS3.1

CVE-2025-49867 - WordPress RealHomes <= 4.4.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.5

CVSS3.1

CVE-2025-49870 - WordPress Paid Member Subscriptions <= 2.15.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions allows SQL Injection. This issue affects Paid Member Subscriptions: from n/a through 2.15.1.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.5

CVSS3.1

CVE-2025-50032 - WordPress Paytiko for WooCommerce <= 1.3.14 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paytiko for WooCommerce: from n/a through 1.3.14.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

6.5

CVSS3.1

CVE-2025-50039 - WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.2

CVSS3.1

CVE-2025-52718 - WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-52776 - WordPress Video List Manager <= 1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager allows Stored XSS. This issue affects Video List Manager: from n/a through 1.7.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-52796 - WordPress WP-Recall <= 16.26.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

7.1

CVSS3.1

CVE-2025-52798 - WordPress JobSearch <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.9.0.

📅 Published: July 4, 2025, 11:17 a.m. 🔄 Last Modified: July 4, 2025, 12:15 p.m.

Total resulsts: 300468

Page 10 of 30,047

« previous page » next page

Filters