6.5
CVE-2025-68040 - WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through <= 3.0.1.
5.4
CVE-2023-41656 - WordPress Better Elementor Addons plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
5.4
CVE-2023-32238 - WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability
Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
6.5
CVE-2025-68498 - WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.
6.5
CVE-2025-68499 - WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.12.
5.3
CVE-2025-15209 - code-projects Refugee Food Management System editfood.php sql injection
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public anโฆ
6.3
CVE-2025-15284 - arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimitย option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimitย should apply uniโฆ
6.9
CVE-2025-15208 - code-projects Refugee Food Management System editrefugee.php sql injection
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been โฆ
6.9
CVE-2025-15207 - Campcodes Supplier Management System view_products.php sql injection
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the puโฆ
6.9
CVE-2025-15206 - Campcodes Supplier Management System add_area.php sql injection
A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be useโฆ