5.1
CVE-2025-15382 - Client SCP Request Triggers Buffer Overread by 1 Byte
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over-read by 1 byte.
8.1
CVE-2025-32304 - WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH church-management allows PHP Local File Inclusion. This issue affects WPCHURCH: from n/a through <= 2.7.0.
9.4
CVE-2025-14942 - Authentication Bypass
wolfSSH's key exchange state machine can be manipulated to leak the client's password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must upda…
9.8
CVE-2025-39477 - WordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sfwebservice InWave Jobs iwjob allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects InWave Jobs: from n/a through <= 3.5.8.
6.5
CVE-2024-31088 - WordPress AdsPlace'r – Ad Manager, Inserter, AdSense Ads plugin <= 1.1.5 - Cross Site Scripting (XS…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS. This issue affects AdsPlace'r – Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5.
7.1
CVE-2024-30547 - WordPress Header Image Slider plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS. This issue affects Header Image Slider: from n/a through 0.3.
8.8
CVE-2025-47553 - WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery dzs-videogallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through <= 12.39.
8.1
CVE-2025-69083 - WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion. This issue affects Frappé: from n/a through <= 1.8.
5.3
CVE-2025-69364 - WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21.
6.5
CVE-2025-69363 - WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.