6.5
CVE-2025-68868 - WordPress Wp Text Slider Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through <= 1.0.
7.5
CVE-2025-68870 - WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through <= 1.0.0.
7.1
CVE-2025-68876 - WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect invelity-sps-connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through <= 1.0.8.
7.5
CVE-2025-68877 - WordPress CedCommerce Integration for Good Market plugin <= 1.0.6 - Local File Inclusion vulnerabilβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce CedCommerce Integration for Good Market ced-good-market-integration allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from nβ¦
6.9
CVE-2025-15195 - code-projects Assessment Management add-module.php sql injection
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disβ¦
6.9
CVE-2025-69211 - Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses `@nestjs/platform-fastify`; relies on `NestMiddleware` (via `MiddlewareConsumer`) for security checks (aβ¦
7.1
CVE-2025-68878 - WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through <= 1.1.0.
7.1
CVE-2025-68879 - WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through <= 1.5.
4.9
CVE-2025-68893 - WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerabiliβ¦
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker wp-image-shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through <= 1.1.0.
9.9
CVE-2025-68897 - WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through <= 1.2.