7.8
CVE-2025-48903 -
Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.
6.6
CVE-2025-48902 -
Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.
4.8
CVE-2025-5727 - SourceCodester Student Result Management System Announcement Page announcement cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is posβ¦
4.8
CVE-2025-5726 - SourceCodester Student Result Management System Division System Page division-system cross site scrβ¦
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leadβ¦
8.8
CVE-2023-2921 - Short URL <= 1.6.8 - Subscriber+ SQLi
The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.
4.8
CVE-2025-5725 - SourceCodester Student Result Management System Grading System Page grading-system cross site scripβ¦
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remarkβ¦
4.8
CVE-2025-5724 - SourceCodester Student Result Management System Subjects Page subjects cross site scripting
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It iβ¦
6.4
CVE-2025-1777 - BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-β¦
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access andβ¦
4.3
CVE-2025-1778 - Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to deleβ¦
4.8
CVE-2025-5723 - SourceCodester Student Result Management System Classes Page classes cross site scripting
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. Tβ¦