8.2

CVSS3.1

CVE-2025-7038 - LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and rel…

📅 Published: Sept. 30, 2025, 4:27 a.m. 🔄 Last Modified: April 20, 2026, 9:45 p.m.

6.4

CVSS3.1

CVE-2025-6941 - LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepoint_resources' shortcode in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping…

📅 Published: Sept. 30, 2025, 4:27 a.m. 🔄 Last Modified: April 20, 2026, 7:30 p.m.

5.5

CVSS3.1

CVE-2025-6815 - LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for…

📅 Published: Sept. 30, 2025, 4:27 a.m. 🔄 Last Modified: April 22, 2026, 2:30 p.m.

8.7

CVSS4.0

CVE-2025-59668 -

Multiple versions of Central Monitor CNS-6201 contain a NULL pointer dereference vulnerability. When processing a certain crafted UDP packet, the affected device may terminate abnormally.

📅 Published: Sept. 30, 2025, 4:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2025-8777 - planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter

The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and a…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 21, 2026, 2:45 a.m.

6.4

CVSS3.1

CVE-2025-10196 - SurveyAnyplace Plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Survey Anyplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'surveyanyplace_embed' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 21, 2026, 2:45 a.m.

6.1

CVSS3.1

CVE-2025-9946 - LockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Sc…

The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inj…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 20, 2026, 9:45 p.m.

6.4

CVSS3.1

CVE-2025-8214 - The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ty…

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typing Letter widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 20, 2026, 9:45 p.m.

6.4

CVSS3.1

CVE-2025-10128 - Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Eulerpool Research Systems plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aaq' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentica…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 21, 2026, 2:45 a.m.

6.4

CVSS3.1

CVE-2025-8608 - Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting …

The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…

📅 Published: Sept. 30, 2025, 3:35 a.m. 🔄 Last Modified: April 20, 2026, 9:45 p.m.
Total results: 349182