6.4

CVSS3.1

CVE-2025-8690 - Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject…

📅 Published: Aug. 12, 2025, 2:24 a.m. 🔄 Last Modified: April 21, 2026, 7:30 p.m.

5.3

CVSS3.1

CVE-2025-4390 - WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted po…

📅 Published: Aug. 12, 2025, 2:24 a.m. 🔄 Last Modified: April 21, 2026, 7:30 p.m.

6.4

CVSS3.1

CVE-2025-8685 - Wp chart generator <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart …

The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at…

📅 Published: Aug. 12, 2025, 2:24 a.m. 🔄 Last Modified: April 22, 2026, 10:30 p.m.

6.4

CVSS3.1

CVE-2025-8462 - RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…

📅 Published: Aug. 12, 2025, 2:24 a.m. 🔄 Last Modified: April 22, 2026, 5:15 p.m.

8.1

CVSS3.1

CVE-2025-5391 - WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and abov…

📅 Published: Aug. 12, 2025, 2:24 a.m. 🔄 Last Modified: April 22, 2026, 5:15 p.m.

8.1

CVSS3.1

CVE-2025-42976 - Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can…

📅 Published: Aug. 12, 2025, 2:10 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2025-42975 - Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces…

📅 Published: Aug. 12, 2025, 2:10 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.9

CVSS3.1

CVE-2025-42957 - Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating t…

📅 Published: Aug. 12, 2025, 2:09 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.5

CVSS3.1

CVE-2025-42955 - Missing authorization check in SAP Cloud Connector

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of th…

📅 Published: Aug. 12, 2025, 2:09 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-42951 - Broken Authorization in SAP Business One (SLD)

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.

📅 Published: Aug. 12, 2025, 2:08 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.