5.3
CVE-2025-15393 - Kohana KodiCMS Layout API Endpoint file.php save code injection
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be initiβ¦
5.4
CVE-2025-66153 - WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4.
5.3
CVE-2025-15392 - Kohana KodiCMS Search API Endpoint page.php like sql injection
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the β¦
5.3
CVE-2025-15391 - D-Link DIR-806A SSDP Request ssdpcgi_main command injection
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vβ¦
5.9
CVE-2025-49355 - WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press ilogic-accessibility allows Stored XSS.This issue affects Accessibility Press: from n/a through <= 1.0.2.
5.9
CVE-2025-49337 - WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon wp-dashboard-beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through <= 1.2.0.
5.9
CVE-2025-59135 - WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5.
5.9
CVE-2025-62989 - WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through <= 1.11.3.
7.1
CVE-2025-23608 - WordPress LIVE TV plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV live-tv allows Reflected XSS.This issue affects LIVE TV: from n/a through <= 1.2.
5.4
CVE-2025-62088 - WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Serveβ¦
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wp_scraper allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through <= 1.0.7.