9.8

CVSS3.1

CVE-2025-5392 - GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated…

📅 Published: July 11, 2025, 6:43 a.m. 🔄 Last Modified: April 20, 2026, 10:30 p.m.

6.4

CVSS3.1

CVE-2025-6716 - Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][title]' parameter in all versions up to, and including, 26.0…

📅 Published: July 11, 2025, 6:43 a.m. 🔄 Last Modified: April 20, 2026, 8:30 p.m.

6.8

CVSS4.0

CVE-2025-5028 - Arbitrary file deletion vulnerability in ESET product installers

The installation file of ESET security products on Windows allows an attacker to misuse it to delete an arbitrary file without having the permissions to do so.

📅 Published: July 11, 2025, 6:40 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-30026 -

The AXIS Camera Station Server had a flaw that allowed bypassing the authentication that is normally required.

📅 Published: July 11, 2025, 6:05 a.m. 🔄 Last Modified: Jan. 16, 2026, 2:56 p.m.

4.8

CVSS4.0

CVE-2025-30025 -

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

📅 Published: July 11, 2025, 6:04 a.m. 🔄 Last Modified: Jan. 23, 2026, 9:49 p.m.

6.8

CVSS3.1

CVE-2025-30024 -

The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack.

📅 Published: July 11, 2025, 6:03 a.m. 🔄 Last Modified: Jan. 23, 2026, 9:15 p.m.

9

CVSS3.1

CVE-2025-30023 -

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

📅 Published: July 11, 2025, 6:02 a.m. 🔄 Last Modified: Jan. 23, 2026, 9:14 p.m.

5.9

CVSS3.1

CVE-2025-6200 - GeoDirectory < 2.8.120 - Contributor+ Stored XSS

The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

📅 Published: July 11, 2025, 6 a.m. 🔄 Last Modified: Jan. 9, 2026, 9:16 p.m.

4.3

CVSS3.1

CVE-2025-2942 - Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as those of draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information.

📅 Published: July 11, 2025, 6 a.m. 🔄 Last Modified: July 17, 2025, 12:59 a.m.

9.8

CVSS3.1

CVE-2025-7401 - Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read…

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for …

📅 Published: July 11, 2025, 4:22 a.m. 🔄 Last Modified: April 20, 2026, 8:30 p.m.