6.9
CVE-2025-6056 -
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
6.1
CVE-2025-6740 - Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Param…
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tmpD' parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra…
0.0
CVE-2025-23970 - WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through <= 6.1.
0.0
CVE-2025-24771 - WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light content-manager-light allows Reflected XSS. This issue affects Content Manager Light: from n/a through <= 3.2.
0.0
CVE-2025-24780 - WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.0 - SQL Injection V…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a thr…
0.0
CVE-2025-28968 - WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall wp-wall allows Reflected XSS. This issue affects WP Wall: from n/a through <= 1.7.3.
0.0
CVE-2025-28976 - WordPress Email Address Security by WebEmailProtector plugin <= 3.3.6 - Cross Site Scripting (XSS) …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dsrodzin Email Address Security by WebEmailProtector webemailprotector allows Stored XSS. This issue affects Email Address Security by WebEmailProtector: from n/a through <= 3.3.6.
0.0
CVE-2025-28978 - WordPress SB Breadcrumbs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS. This issue affects SB Breadcrumbs: from n/a through <= 1.0.
0.0
CVE-2025-28980 - WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2.
9.8
CVE-2025-28983 - WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injecti…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.