7.5
CVE-2025-46255 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
0.0
CVE-2026-21867 -
Reason: This candidate was issued in error.
4.3
CVE-2025-53344 - WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3.
0.0
CVE-2024-53735 - WordPress iPhone Webclip Manager plugin <= 0.5 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in corourke iPhone Webclip Manager iphone-webclip-manager allows Stored XSS.This issue affects iPhone Webclip Manager: from n/a through <= 0.5.
7.5
CVE-2024-30516 - WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.
7.1
CVE-2024-30461 - WordPress Tumult Hype Animations plugin <= 1.9.11 - CSRF to XSS vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11.
9.3
CVE-2025-14346 -
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user intβ¦
9.8
CVE-2025-15029 - An unauthenticated user is able to introduce SQL Injection using the Awie export module
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24β¦
5.3
CVE-2026-0597 - Campcodes Supplier Management System edit_profile.php sql injection
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has bβ¦
9.8
CVE-2025-15026 - Unauthenticated configuration import allows administrative account creation using AWIE component
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 beβ¦