8.8
CVE-2025-2319 - EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remโฆ
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execuโฆ
7.2
CVE-2024-13690 - WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting
The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injeโฆ
6.4
CVE-2024-13731 - Alert Box Block โ Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stโฆ
The Alert Box Block โ Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mโฆ
4.3
CVE-2024-13710 - Estatebud โ Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update
The Estatebud โ Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update tโฆ
5.5
CVE-2025-2510 - Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting viโฆ
The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level โฆ
5.3
CVE-2025-2752 - Open Asset Import Library Assimp CSM File fast_atof.h fast_atoreal_move out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiatedโฆ
5.3
CVE-2025-2751 - Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na leadโฆ
5.3
CVE-2025-2750 - Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is pโฆ
6.4
CVE-2024-12623 - DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackerโฆ
4.3
CVE-2025-1320 - teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request grantโฆ