0.0
CVE-2025-64449 -
Not used
0.0
CVE-2025-64450 -
Not used
0.0
CVE-2025-64452 -
Not used
0.0
CVE-2025-64454 -
Not used
0.0
CVE-2025-64455 -
Not used
0.0
CVE-2025-64453 -
Not used
0.0
CVE-2025-64448 -
Not used
4.4
CVE-2025-12184 - MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and abβ¦
9.8
CVE-2025-12682 - Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrβ¦
5.9
CVE-2025-12695 - Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sβ¦
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the βPythonInterpreterβ class.