7.1

CVSS4.0

CVE-2018-25165 - Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract se…

📅 Published: March 6, 2026, 12:18 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.7

CVSS4.0

CVE-2018-25164 - EverSync 0.5 Arbitrary File Download via files Directory

EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application d…

📅 Published: March 6, 2026, 12:18 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25163 - BitZoom 1.0 SQL Injection via rollno Parameter

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extr…

📅 Published: March 6, 2026, 12:18 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

7.1

CVSS4.0

CVE-2018-25162 - 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php

2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files dir…

📅 Published: March 6, 2026, 12:18 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

8.8

CVSS4.0

CVE-2018-25161 - Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements u…

📅 Published: March 6, 2026, 12:18 p.m. 🔄 Last Modified: April 15, 2026, 2:53 p.m.

4.3

CVSS3.1

CVE-2026-28080 - WordPress Rank Math SEO PRO plugin <= 3.0.96 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rank Math Rank Math SEO PRO seo-by-rank-math-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO PRO: from n/a through <= 3.0.96.

📅 Published: March 6, 2026, 12:04 p.m. 🔄 Last Modified: April 23, 2026, 2:14 p.m.

4.7

CVSS3.1

CVE-2026-28106 - WordPress B2BKing Premium plugin < 5.4.20 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium: from n/a before 5.4.20.

📅 Published: March 6, 2026, 11:49 a.m. 🔄 Last Modified: April 22, 2026, 9:27 p.m.

5.9

CVSS3.1

CVE-2024-35644 - WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS. This issue affects Preferred Languages: from n/a through 2.2.2.

📅 Published: March 6, 2026, 11:40 a.m. 🔄 Last Modified: April 22, 2026, 9:27 p.m.

5.1

CVSS4.0

CVE-2026-1468 - Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the victim, will automatically send a POST request with the victim's privileges. This software does not implement any protection against this type of attack. All …

📅 Published: March 6, 2026, 11:04 a.m. 🔄 Last Modified: April 18, 2026, 5:30 p.m.

7.5

CVSS3.1

CVE-2026-3589 - WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged-in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack, for example.

📅 Published: March 6, 2026, 9:11 a.m. 🔄 Last Modified: April 17, 2026, 12:30 p.m.