6.7
CVE-2025-30027 -
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a mali…
6.7
CVE-2025-3892 -
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious …
5.1
CVE-2025-7622 -
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
6.4
CVE-2025-8314 - Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noac…
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-l…
9.8
CVE-2025-8059 - B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registra…
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and as…
6.4
CVE-2025-8568 - GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov…
6.4
CVE-2025-8688 - Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Sho…
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
6.4
CVE-2025-8621 - Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parame…
The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and …
6.4
CVE-2025-8690 - Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject…
5.3
CVE-2025-4390 - WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted po…