7.5
CVE-2025-1385 - Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configurati…
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits f…
6.4
CVE-2025-2108 - 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cr…
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the “Site Title” widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This ma…
0.0
CVE-2024-13881 - LinkMyPosts <= 1.0 - Reflected XSS
The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13880 - My Quota <= 1.0.8 - Reflected XSS
The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13878 - SpotBot <= 0.1.8 - Reflected XSS
The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13877 - Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS
The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13876 - Meintopf <= 0.2.1 - Reflected XSS
The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0.0
CVE-2024-13875 - WP Programmmanager <= 1.2 - Reflected XSS
The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.4
CVE-2025-22228 - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
5.3
CVE-2025-1766 - Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization …
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated …