8.7
CVE-2025-4150 - Netgear EX6200 sub_54340 buffer overflow
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but d…
8.1
CVE-2025-3952 - Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated…
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for au…
5.5
CVE-2024-13845 - Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web …
6.4
CVE-2025-4099 - List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…
8.7
CVE-2025-4149 - Netgear EX6200 sub_54014 buffer overflow
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did…
4.3
CVE-2025-2168 - Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Pro…
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect nonce…
8.8
CVE-2025-1304 - NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload
The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and…
8.8
CVE-2025-1305 - NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to uplo…
8.7
CVE-2025-4148 - Netgear EX6200 sub_503FC buffer overflow
A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not re…
8.1
CVE-2025-2816 - Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Option…
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with Subscribe…