9.8
CVE-2025-13540 - Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attac…
8.8
CVE-2025-13680 - Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level acce…
6.4
CVE-2025-12151 - Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio_name' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acc…
9.8
CVE-2025-13675 - Tiger <= 101.2.1 - Unauthenticated Privilege Escalation
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator'…
7.5
CVE-2025-7820 - SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers…
9.8
CVE-2025-13538 - FindAll Listing <= 1.0.5 - Unauthenticated Privilege Escalation
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting what user roles a user can register with. This makes it possible for unauthen…
5.5
CVE-2025-3784 - Information Disclosure Vulnerability in GX Works2
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential in…
4.8
CVE-2025-13762 - Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.
0.0
CVE-2025-34351 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. At the request of the MITRE TL-Root and following the CVE Program’s Dispute Policy, it has been determined that this assignment did not identify a valid vulnerability based on the vendor's product security model. Additionall…
6.4
CVE-2025-12713 - Soundslides <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Sho…
The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit…