3.5
CVE-2025-3504 - WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.5
CVE-2025-3503 - WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-3502 - WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2024-13381 - Calculated Fields Form < 5.2.62 - Admin+ Stored XSS
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
6.9
CVE-2025-4151 - PHPGurukul Curfew e-Pass Management System pass-bwdates-reports-details.php sql injection
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated rβ¦
8.7
CVE-2025-4150 - Netgear EX6200 sub_54340 buffer overflow
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but dβ¦
8.1
CVE-2025-3952 - Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticatedβ¦
The Projectopia β WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for auβ¦
5.5
CVE-2024-13845 - Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web β¦
6.4
CVE-2025-4099 - List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated aβ¦
8.7
CVE-2025-4149 - Netgear EX6200 sub_54014 buffer overflow
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but didβ¦