6.1
CVE-2025-3598 - Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via …
The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unau…
0.0
CVE-2025-39469 - WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pantherius Modal Survey modal-survey. This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.
0.0
CVE-2025-39470 - WordPress Ivy School theme <= 1.6.0 - Local File Inclusion Vulnerability
Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion. This issue affects Ivy School: from n/a through <= 1.6.0.
0.0
CVE-2025-39471 - WordPress Modal Survey plugin <= 2.0.2.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pantherius Modal Survey modal-survey. This issue affects Modal Survey: from n/a through <= 2.0.2.0.1.
9.8
CVE-2025-42599 -
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
4.4
CVE-2025-2613 - Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticat…
The Login Manager – Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes i…
6.4
CVE-2024-13650 - Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.36 due to insufficient input sanitization and output escaping. This makes it possible for authentic…
8.1
CVE-2025-3520 - Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion
The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the s…
8.2
CVE-2025-0467 - GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
8.6
CVE-2025-25427 - XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payloa…