4.8
CVE-2024-11847 - WP SVG Upload <= 1.0.0 - Author+ Stored XSS via SVG
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
6.4
CVE-2025-1784 - Spectra β WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scrβ¦
The Spectra β WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributorβ¦
6.1
CVE-2025-1490 - Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter
The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βsetstatusβ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrβ¦
6.1
CVE-2025-2165 - SH Email Alert <= 1.0 - Reflected Cross-Site Scripting
The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts β¦
6.4
CVE-2025-2573 - Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Crosβ¦
The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible fβ¦
6.4
CVE-2025-2576 - Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Ayyash Studio β The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-levelβ¦
6.5
CVE-2024-55965 -
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, sβ¦
9.8
CVE-2025-26004 -
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.
7.5
CVE-2025-26009 -
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.
9.8
CVE-2024-55964 -
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that daβ¦