4.3
CVE-2025-52719 - WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.
7.5
CVE-2025-52715 - WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 4.2.0.
6.4
CVE-2025-52713 - WordPress Post and Page Builder by BoldGrid β Visual Drag and Drop Editor plugin <= 1.27.8 - Serverβ¦
Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Server Side Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
4.3
CVE-2025-52711 - WordPress Post and Page Builder by BoldGrid β Visual Drag and Drop Editor plugin <= 1.27.8 - Cross β¦
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
5.9
CVE-2025-52710 - WordPress File Manager Pro plugin <= 1.8.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro filester allows Stored XSS.This issue affects File Manager Pro: from n/a through <= 1.8.8.
7.5
CVE-2025-52708 - WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.7.
6.5
CVE-2025-52707 - WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firelight Firelight Lightbox easy-fancybox allows Stored XSS.This issue affects Firelight Lightbox: from n/a through <= 2.3.16.
5.3
CVE-2025-6346 - SourceCodester Advance Charity Management System fundDetails.php sql injection
A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. The β¦
8.1
CVE-2025-3319 - IBM Spectrum Protect Server authentication bypass
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.
4.3
CVE-2025-3228 - Unauthorized Guest user access to Playbook
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.