0.0
CVE-2025-2904 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2025-2074 - Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch'…
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it p…
5.3
CVE-2025-2578 - Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclos…
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full path of the web appli…
7.5
CVE-2025-2485 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injec…
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload' function. This makes it possible for attackers to inject a PHP…
8.8
CVE-2025-2328 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File D…
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated atta…
4.3
CVE-2025-1762 - Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
5.9
CVE-2025-2027 -
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for My…
6.1
CVE-2025-2804 - tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible …
9.8
CVE-2025-2294 - Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the …
6.6
CVE-2025-2894 - Unitree Go1 Robot Dog Backdoor Control Channel
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSai…