7.5
CVE-2025-7442 - WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gm…
6.4
CVE-2025-6068 - FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Auth…
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input s…
6.4
CVE-2025-5530 - WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripti…
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib…
5.3
CVE-2025-6745 - WoodMart <= 8.2.5 - Unauthenticated Post Disclosure
The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data fr…
6.5
CVE-2025-4593 - WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Ex…
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive…
2.3
CVE-2025-5992 - Passing values outside of expected range to QColorTransferGenericFunction can cause a denial of ser…
Passing values outside of the expected range to QColorTransferGenericFunction can cause a denial of service; for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1. …
9.8
CVE-2025-5392 - GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated…
6.4
CVE-2025-6716 - Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][title]' parameter in all versions up to, and including, 26.0…
6.8
CVE-2025-5028 - Arbitrary file deletion vulnerability in ESET product installers
The installation file of ESET security products on Windows allows an attacker to misuse it to delete an arbitrary file without having the permissions to do so.
5.3
CVE-2025-30026 -
The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required.