4.4
CVE-2025-54626
Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability.
5.7
CVE-2025-54624
Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect availability.
6.4
CVE-2025-7502 - WPBakery Page Builder for WordPress <= 8.5 - Authenticated (Contributor+) Stored Cross-Site Scripti…
The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
6.5
CVE-2025-6986 - FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL In…
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…
6.4
CVE-2025-6256 - Flex Guten <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via thumbnailHoverEf…
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve…
6.4
CVE-2025-6690 - WP Tournament Registration <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via …
The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…
7.5
CVE-2025-7036 - CleverReach WP <= 1.5.20 - Unauthenticated SQL Injection via title Parameter
The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible…
6.4
CVE-2025-6259 - esri-map-view <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via esri-map-view…
The esri-map-view plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's esri-map-view shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
6.3
CVE-2025-54623
Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability.
8.3
CVE-2025-54622
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.