5.3
CVE-2025-2337 - tbeu matio mat.c Mat_VarPrint heap-based overflow
A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and maβ¦
3.5
CVE-2025-1624 - GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-1623 - GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-1622 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2025-1621 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2025-1620 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2025-1619 - GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2024-13602 - Poll Maker < 5.5.4 - Admin+ Stored XSS
The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.6
CVE-2024-13126 - Download Manager < 3.3.07 - Unauthenticated Data Exposure
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
5.1
CVE-2025-2335 - Drivin Soluçáes API registerSchool cross site scripting
A vulnerability classified as problematic was found in Drivin Soluçáes up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remβ¦