0.0
CVE-2025-1486 - WoWPth <= 2.0 - Reflected XSS
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
0.0
CVE-2025-1436 - Limit Bio <= 1.0 - Stored XSS via CSRF
The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
0.0
CVE-2025-1401 - WP Click Info <= 2.7.4 - Reflected XSS
The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
0.0
CVE-2024-13891 - Schedule <= 1.0.0 - Reflected XSS
The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
0.0
CVE-2024-13885 - WP E Customers <= 0.0.1 - Reflected XSS
The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13884 - Limit Bio <= 1.0 - Reflected XSS
The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
3.7
CVE-2024-8402 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introdβ¦
4.4
CVE-2024-12380 - Generation of Error Message Containing Sensitive Information in GitLab
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication inforβ¦
6.5
CVE-2024-13054 - Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.
4.3
CVE-2025-0652 - Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only.