7.5
CVE-2024-9684 -
FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.
7.3
CVE-2025-13183 - Stored XSS in Hotech's Otello
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS.This issue affects Otello: from 2.4.0 before 2.4.4.
7.5
CVE-2024-24844 - WordPress PowerPack Pro for Elementor plugin <= 2.10.6 - Unauthenticated Plugin Settings Reset vulnโฆ
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.
5.3
CVE-2023-52210 - WordPress Product Delivery Date for WooCommerce โ Lite plugin <= 2.7.0 - Broken Access Control vulnโฆ
Vulnerability in Tyche softwares Product Delivery Date for WooCommerce โ Lite.This issue affects Product Delivery Date for WooCommerce โ Lite: from n/a through 2.7.0.
7.5
CVE-2025-68546 - WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
7.5
CVE-2025-68544 - WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
6.5
CVE-2025-68548 - WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.2.
7.6
CVE-2025-68550 - WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from n/a through <= 1.1.13.
6.5
CVE-2025-68551 - WordPress VPSUForm plugin <= 3.2.24 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm v-form allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through <= 3.2.24.
5.3
CVE-2025-68556 - WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.9.