7.6
CVE-2025-59129 - WordPress Appointify plugin <= 1.0.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appointify Appointify appointify allows Blind SQL Injection.This issue affects Appointify: from n/a through <= 1.0.8.
4
CVE-2025-68950 - Magick's failure to limit MVG mutual references forming a loop
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file willโฆ
9.6
CVE-2025-52835 - WordPress WING WordPress Migrator plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through <= 1.2.0.
6.5
CVE-2025-66103 - WordPress WPCal.io plugin <= 0.9.5.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx WPCal.io wpcal allows DOM-Based XSS.This issue affects WPCal.io: from n/a through <= 0.9.5.9.
6.9
CVE-2025-15256 - Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack is โฆ
4.3
CVE-2025-62128 - WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteLock SiteLock Security โ WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security โ WP Hardening, Login Security & Malware Scans: from n/a through <= โฆ
4.3
CVE-2025-62112 - WordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vuโฆ
Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings easy-property-listings-xml-csv-import allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through <= 2.2.1.
6.5
CVE-2025-66094 - WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dmccan Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through <= 3.5.
5.3
CVE-2025-68618 - Magick's failure to limit the depth of SVG file reads caused a DoS attack.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
6.5
CVE-2025-62746 - WordPress Featured Video for WordPress โ VideographyWP plugin <= 1.0.18 - Cross Site Scripting (XSSโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress โ VideographyWP videographywp allows Stored XSS.This issue affects Featured Video for WordPress โ VideographyWP: from n/a through <= 1.0.18.