7.1
CVE-2025-39372 - WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Sβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through <= 2.6.0.
10
CVE-2025-39380 - WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerabiliβ¦
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023).
9.3
CVE-2025-39386 - WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023).
9.3
CVE-2025-39389 - WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection.This issue affects AnalyticsWP: from n/a through 2.1.2.
7.1
CVE-2025-39392 - WordPress WPAMS plugin <= 44.0 (17-08-2023) - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS apartment-management allows Reflected XSS.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
9.9
CVE-2025-47949 - samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixesβ¦
7.1
CVE-2025-39393 - WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System hospital-management allows Reflected XSS.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023).
9.3
CVE-2025-39395 - WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management allows SQL Injection.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
10
CVE-2025-39401 - WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
6.1
CVE-2025-47946 - symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute inβ¦
Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) ouputs attribute values directly withoβ¦