5.1
CVE-2025-15250 - 08CMS Novel System Template mtpls.inc.php code injection
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been d…
5.1
CVE-2025-15249 - zhujunliang3 work_platform Content cross site scripting
A weakness has been identified in zhujunliang3 work_platform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product utili…
5.1
CVE-2025-15248 - sunhailin12315 product-review 商品评价系统 Write a Review cross site scripting
A security flaw has been discovered in sunhailin12315 product-review 商品评价系统 up to 91ead6890b4065bb45b7602d0d73348e75cb4639. This affects an unknown part of the component Write a Review. Performing manipulation of the argument content results in cross site scripting. The attack is possible to be car…
4.3
CVE-2025-14426 - Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta U…
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to…
6.9
CVE-2025-15247 - gmg137 snap7-rs client.rs download heap-based overflow
A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed remotely. The exploi…
5.3
CVE-2025-15246 - aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has b…
7.2
CVE-2025-14509 - Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injec…
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization. T…
5.1
CVE-2025-15245 - D-Link DCS-850L Firmware Update Service uploadfirmware path traversal
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and cou…
5.3
CVE-2025-69093 - WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopMagic: from n/a through <= 4.7.2.
6.5
CVE-2025-69092 - WordPress Essential Addons for Elementor plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS. This issue affects Essential Addons for Elementor: from n/a through <= 6.5.3.