6.5
CVE-2025-69334 - WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0.
4.3
CVE-2025-69331 - WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19.
4.3
CVE-2025-69327 - WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.0.9.
7.1
CVE-2025-69084 - WordPress Photo Gallery plugin <= 2.7.7.26 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.26.
7.1
CVE-2025-69085 - WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank jobbank allows Reflected XSS.This issue affects JobBank: from n/a through <= 1.2.2.
8.1
CVE-2025-69086 - WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Issabella issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a through <= 1.1.2.
7.6
CVE-2025-36589 -
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intendedβ¦
5.9
CVE-2025-63082 - Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
5.9
CVE-2025-63083 - Joomla! Core - [20260102] - XSS vector in the pagebreak plugin
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
8.6
CVE-2020-36917 - iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle β¦