5.3
CVE-2025-1805 - Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes
Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.
6.1
CVE-2025-3097 - wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and inj…
8.8
CVE-2025-3063 - Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary…
The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, w…
6.1
CVE-2025-2483 - Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter
The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receip_address’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…
6.5
CVE-2024-13637 - Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation
The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to insta…
4.9
CVE-2024-12410 - Front End Users <= 3.2.32 - Authenticated (Admin+) SQL injection
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible …
6.4
CVE-2025-2513 - Smart Icons For WordPress <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Fi…
The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access a…
6.1
CVE-2025-3098 - Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in…
6.1
CVE-2025-3099 - Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Script…
The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to update…
9.8
CVE-2025-2005 - Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the…