6.4
CVE-2025-5116 - WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containโฆ
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โcontaineridโ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leveโฆ
6.4
CVE-2025-4420 - Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripโฆ
The Vayu Blocks โ Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โcontainerWidthโ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and iโฆ
6.4
CVE-2025-1725 - Bit File Manager โ 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authโฆ
The Bit File Manager โ 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possibโฆ
7
CVE-2025-46355 -
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
6.9
CVE-2025-41428 -
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
0.0
CVE-2025-49208 -
Not used
0.0
CVE-2025-49209 -
Not used
0.0
CVE-2025-49210 -
Not used
0.0
CVE-2025-49202 -
Not used
0.0
CVE-2025-49203 -
Not used