8.7
CVE-2025-13550 - D-Link DIR-822K/DWR-M920 formVpnConfigSetup buffer overflow
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has beenโฆ
8.7
CVE-2025-13549 - D-Link DIR-822K formNtp sub_455524 buffer overflow
A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
8.7
CVE-2025-13548 - D-Link DIR-822K/DWR-M920 formFirewallAdv buffer overflow
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been diโฆ
8.7
CVE-2025-13547 - D-Link DIR-822K/DWR-M920 formDdns memory corruption
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used.
5.3
CVE-2025-13546 - ashraf-kabir travel-agency Search results.php sql injection
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query results in sql injection. The attack can be lโฆ
5.1
CVE-2025-13545 - ashraf-kabir travel-agency index.php sql injection
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. The attack can beโฆ
5.3
CVE-2025-13544 - ashraf-kabir travel-agency customer_register.php unrestricted upload
A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has beenโฆ
7.5
CVE-2025-13526 - OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Infโฆ
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'wa_order_thank_you_override' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to viโฆ
5.3
CVE-2025-13318 - Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Bookinโฆ
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticaโฆ
4.3
CVE-2025-13136 - GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Sysโฆ
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level acโฆ