4.2
CVE-2025-58412 -
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via a crafted URL.
7.3
CVE-2025-11446 -
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.2.0 before 5.2.12.
8
CVE-2025-13035 - Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filt…
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode attributes within the `evaluate_shortcode_from_flat_file` method, which can be used to overwrite the …
7.2
CVE-2025-13206 - GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scr…
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack…
7.2
CVE-2025-12484 - Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Fol…
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and including, 1.12.19 due to insufficient input sanit…
8.3
CVE-2025-11243 - Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.
8.3
CVE-2025-12056 - Out-of-bounds Read in Shelly Pro 3EM
Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers.
5.3
CVE-2025-12535 - SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the 'wp_ajax_nopriv_rest-nonce' action. While the plugi…
4.3
CVE-2025-13085 - SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclos…
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading to Sensitive Post Meta Disclosure in versions up to and including 1.3.2. This is due to missing object-level authorization checks in the resolve_variables() AJAX handler. This makes it possible for aut…
9.8
CVE-2025-12057 - WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload
The WavePlayer WordPress plugin before 3.8.0 does not perform an authorization check in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, leading to RCE.