6.4
CVE-2025-5539 - Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Sβ¦
The Simple Contact Form Plugin for WordPress β WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributeβ¦
6.9
CVE-2025-5560 - PHPGurukul Curfew e-Pass Management System index.php sql injection
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has β¦
5.3
CVE-2025-5558 - PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. Tβ¦
6.4
CVE-2025-5532 - Faculty Staff and Student Directory Plugin β Campus Directory <= 1.9.0 - Authenticated (Contributorβ¦
The Campus Directory β Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user suβ¦
6.4
CVE-2025-5531 - Staff Directory β Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cβ¦
The Employee Directory β Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user suppβ¦
5.3
CVE-2025-5557 - PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely.β¦
5.3
CVE-2025-5556 - PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack rβ¦
5.3
CVE-2025-5554 - PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attβ¦
6.9
CVE-2025-5553 - PHPGurukul Rail Pass Management System download-pass.php sql injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The expβ¦
5.3
CVE-2025-5552 - ChestnutCMS API Endpoint exec deserialization
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been discloβ¦