6.5

CVSS3.1

CVE-2025-62757 - WordPress WebMan Amplifier plugin <= 1.5.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier webman-amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through <= 1.5.12.

πŸ“… Published: Dec. 31, 2025, 11:53 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

6.5

CVSS3.1

CVE-2025-62991 - WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Minamaze minamaze allows Stored XSS.This issue affects Minamaze: from n/a through <= 1.10.1.

πŸ“… Published: Dec. 31, 2025, 11:51 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

6.5

CVSS3.1

CVE-2025-63032 - WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Consulting consulting allows Stored XSS.This issue affects Consulting: from n/a through <= 1.5.0.

πŸ“… Published: Dec. 31, 2025, 11:50 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

8.7

CVSS4.0

CVE-2025-15389 - QNO Technology|VPN Firewall - OS Command Injection

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

πŸ“… Published: Dec. 31, 2025, 9:12 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2025-49028 - WordPress Zoho ZeptoMail plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerab…

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail transmail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through <= 3.3.1.

πŸ“… Published: Dec. 31, 2025, 9:05 a.m. πŸ”„ Last Modified: April 23, 2026, 3:31 p.m.

8.7

CVSS4.0

CVE-2025-15388 - QNO Technology|VPN Firewall - OS Command Injection

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

πŸ“… Published: Dec. 31, 2025, 9:01 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-62136 - WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Melos melos allows Stored XSS.This issue affects Melos: from n/a through <= 1.6.0.

πŸ“… Published: Dec. 31, 2025, 9 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

6.5

CVSS3.1

CVE-2025-62992 - WordPress Everest Backup plugin <= 2.3.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal.This issue affects Everest Backup: from n/a through <= 2.3.11.

πŸ“… Published: Dec. 31, 2025, 8:59 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

6.5

CVSS3.1

CVE-2025-62137 - WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shuttlethemes Shuttle shuttle allows Stored XSS.This issue affects Shuttle: from n/a through <= 1.5.0.

πŸ“… Published: Dec. 31, 2025, 8:57 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.

6.5

CVSS3.1

CVE-2025-62758 - WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through <= 3.8.

πŸ“… Published: Dec. 31, 2025, 8:55 a.m. πŸ”„ Last Modified: April 23, 2026, 3:34 p.m.
Total resulsts: 349182
Page 2331 of 34,919
Β« previous page Β» next page
Filters