7.1

CVSS3.1

CVE-2025-26554 - WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0.

📅 Published: March 15, 2025, 9:57 p.m. 🔄 Last Modified: March 17, 2025, 4:13 p.m.

7.1

CVSS3.1

CVE-2025-26553 - WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin allows Reflected XSS. This issue affects Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin: from n/a thro…

📅 Published: March 15, 2025, 9:57 p.m. 🔄 Last Modified: March 17, 2025, 4:50 p.m.

7.1

CVSS3.1

CVE-2025-26548 - WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Random Image Selector allows Reflected XSS. This issue affects Random Image Selector: from n/a through 2.4.

📅 Published: March 15, 2025, 9:57 p.m. 🔄 Last Modified: March 17, 2025, 4:50 p.m.

7.1

CVSS3.1

CVE-2025-23744 - WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through 1.4.1.

📅 Published: March 15, 2025, 9:57 p.m. 🔄 Last Modified: March 17, 2025, 4:51 p.m.

6.5

CVSS3.1

CVE-2025-25225 - Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.…

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.

📅 Published: March 15, 2025, 6:06 p.m. 🔄 Last Modified: March 18, 2025, 5:15 p.m.

5.3

CVSS4.0

CVE-2025-2323 - 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral wor…

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enfo…

📅 Published: March 15, 2025, 5 p.m. 🔄 Last Modified: March 17, 2025, 4:53 p.m.

6.9

CVSS4.0

CVE-2025-2322 - 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is pos…

📅 Published: March 15, 2025, 1:31 p.m. 🔄 Last Modified: March 18, 2025, 4:18 p.m.

5.3

CVSS4.0

CVE-2025-2321 - 274056675 springboot-openai-chatgpt addData logic error

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be lau…

📅 Published: March 15, 2025, noon 🔄 Last Modified: March 18, 2025, 4:19 p.m.

4.3

CVSS3.1

CVE-2025-1530 - Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site adm…

📅 Published: March 15, 2025, 11:13 a.m. 🔄 Last Modified: March 17, 2025, 9:27 p.m.

6.5

CVSS3.1

CVE-2025-2025 - Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via …

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to dis…

📅 Published: March 15, 2025, 11:13 a.m. 🔄 Last Modified: March 17, 2025, 9:27 p.m.