9.3
CVE-2025-2776 - SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
9.3
CVE-2025-2775 - SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
0.0
CVE-2025-47692 - WordPress ContentStudio plugin <= 1.3.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
0.0
CVE-2025-47691 - WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <= 2.10.3.
9.8
CVE-2025-47688 - WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulneraβ¦
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.
0.0
CVE-2025-47686 - WordPress DELUCKS SEO plugin <= 2.5.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
0.0
CVE-2025-47685 - WordPress Contribuinte Checkout plugin <= 2.0.03 - Cross Site Request Forgery (CSRF) to Stored XSS β¦
Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.
0.0
CVE-2025-47684 - WordPress Smaily for WP plugin <= 3.1.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP smaily-for-wp allows Cross Site Request Forgery.This issue affects Smaily for WP: from n/a through <= 3.1.7.
0.0
CVE-2025-47683 - WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection.This issue affects WP Maintenance: from n/a through <= 6.1.9.7.
0.0
CVE-2025-47681 - WordPress Web Accessibility with Max Access plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access accessibility-toolbar allows Cross Site Request Forgery.This issue affects Web Accessibility with Max Access: from n/a through <= 2.0.9.