5.3
CVE-2025-2750 - Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is p…
6.4
CVE-2024-12623 - DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker…
4.3
CVE-2025-1320 - teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request grant…
5.3
CVE-2025-2252 - Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticate…
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extr…
5.3
CVE-2025-2744 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is po…
5.3
CVE-2025-2743 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path t…
5.3
CVE-2025-2742 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack ca…
6.9
CVE-2025-2740 - PHPGurukul Old Age Home Management System eligibility.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit ha…
6.1
CVE-2025-1798 - Design Comuni Italia < 1.1.2 - Unauthenticated Stored XSS
The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.
3.5
CVE-2025-1452 - Favorites < 2.3.5 - Admin+ Stored XSS
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).