5.1
CVE-2025-7816 - PHPGurukul Apartment Visitors Management System HTTP POST Request visitor-detail.php cross site scr…
A vulnerability, which was classified as problematic, was found in PHPGurukul Apartment Visitors Management System 1.0. Affected is an unknown function of the file /visitor-detail.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross site scripting.…
4.8
CVE-2025-7815 - PHPGurukul Apartment Visitors Management System HTTP POST Request manage-newvisitors.php cross site…
A vulnerability, which was classified as problematic, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /manage-newvisitors.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to c…
7.2
CVE-2015-10133 - Subscribe to Comments <= 2.1.2 - Local File Inclusion
The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execu…
9.8
CVE-2012-10019 - Front-end Editor < 2.3 - Arbitrary File Upload
The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote cod…
9.8
CVE-2016-15043 - WP Mobile Detector <= 3.5 - Arbitrary File Upload
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may mak…
9.8
CVE-2015-10135 - WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may mak…
7.5
CVE-2015-10136 - GI-Media Library < 3.0 - Directory Traversal
The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
7.5
CVE-2015-10134 - Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10 via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such…
6.4
CVE-2025-6997 - ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addo…
The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trx_addons_get_svg_from_file() function …
5.3
CVE-2025-6720 - Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing
The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.