7.1
CVE-2025-23458 - WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite wp-ad-management allows Reflected XSS. This issue affects Ads24 Lite: from n/a through <= 1.0.
5.3
CVE-2025-15210 - code-projects Refugee Food Management System editrefugee.php sql injection
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to SQL injection. The attack may be launched remotely. The…
7.5
CVE-2025-68036 - WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability
Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CubeWP: from n/a through <= 1.1.27.
6.5
CVE-2025-68040 - WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 3.0.1.
5.4
CVE-2023-41656 - WordPress Better Elementor Addons plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Elementor Addons: from n/a through 1.3.7.
5.4
CVE-2023-32238 - WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability
Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery). This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
6.5
CVE-2025-68498 - WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetTabs: from n/a through <= 2.2.12.
6.5
CVE-2025-68499 - WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through <= 2.2.12.
5.3
CVE-2025-15209 - code-projects Refugee Food Management System editfood.php sql injection
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public an…
6.3
CVE-2025-15284 - arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS. This issue affects qs: < 6.14.1. Summary: The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uni…