6.5
CVE-2025-68978 - WordPress DesignThemes Core plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.
6.5
CVE-2025-68977 - WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
5.4
CVE-2025-68976 - WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
4.3
CVE-2025-68975 - WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
6.6
CVE-2025-68974 - WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <=โฆ
6.3
CVE-2025-15244 - PHPEMS Purchase Request race condition
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difโฆ
6.9
CVE-2025-15243 - code-projects Simple Stock System login.php sql injection
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
2.3
CVE-2025-15242 - PHPEMS Coupon race condition
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as diโฆ
9.1
CVE-2025-15359 - DVP-12SE11T - Out-of-bound memory write Vulnerability
DVP-12SE11T - Out-of-bound memory write Vulnerability
7.5
CVE-2025-15358 - DVP-12SE11T - Denial of Service Vulnerability
DVP-12SE11T - Denial of Service Vulnerability