4.8
CVE-2025-2524 - Ninja Forms < 3.10.1 - Admin+ Stored XSS
The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.4
CVE-2025-1627 - Qi Blocks < 1.4 - Contributor+ Stored XSS via ToC Block
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
5.4
CVE-2025-1626 - Qi Blocks < 1.4 - Contributor+ Stored XSS vi Countdown Block
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
5.4
CVE-2025-1625 - Qi Blocks < 1.4 - Contributor+ Stored XSS via Counter Block
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
8.6
CVE-2025-4477 - TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation
The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API.
0.0
CVE-2003-5004 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
6.9
CVE-2025-4913 - PHPGurukul Auto Taxi Stand Management System index.php sql injection
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The expβ¦
5.3
CVE-2025-4912 - SourceCodester Student Result Management System Image File update_student.php path traversal
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leaβ¦
6.9
CVE-2025-4911 - PHPGurukul Zoo Management System view-foreigner-ticket.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploβ¦
6.4
CVE-2025-2892 - All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post β¦
The All in One SEO β Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and outβ¦