7.2
CVE-2025-11204 - RegistrationMagic β Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.β¦
The RegistrationMagic β Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existβ¦
5.3
CVE-2025-11431 - code-projects Web-Based Inventory and POS System transaction.php sql injection
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been puβ¦
6.9
CVE-2025-11430 - SourceCodester Simple E-Commerce Bookstore cart.php sql injection
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
9.8
CVE-2025-10587 - Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible forβ¦
8.1
CVE-2025-10494 - Motors β Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrβ¦
The Motors β Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with Subscβ¦
5.3
CVE-2025-11426 - projectworlds Advanced Library Management System edit_book.php unrestricted upload
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. Thβ¦
4.8
CVE-2025-11425 - projectworlds Advanced Library Management System edit_admin.php cross site scripting
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly avaiβ¦
6.9
CVE-2025-11424 - code-projects Web-Based Inventory and POS System login.php sql injection
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosedβ¦
9.3
CVE-2025-11423 - Tenda CH22 SafeEmailFilter formSafeEmailFilter memory corruption
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and coβ¦
6.9
CVE-2025-11422 - Campcodes Advanced Online Voting Management System login.php sql injection
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed β¦