8.8
CVE-2025-23176 - Tecnick โ CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injectiโฆ
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
6.1
CVE-2025-23175 - Tecnick - Multiple XSS (CWE-79)
Multiple XSS (CWE-79)
7.1
CVE-2025-2092 - Remote site authentication secrets written to web log
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.
5.3
CVE-2024-11299 - Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposuโฆ
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-levโฆ
6.4
CVE-2025-3458 - Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_โฆ
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_idโ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level aโฆ
6.5
CVE-2025-3472 - Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthentiโฆ
6.4
CVE-2025-3457 - Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated atโฆ
6.5
CVE-2025-46254 - WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerabilโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through <= 45.10.0.
6.5
CVE-2025-46253 - WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit gutenkit-blocks-addon allows Stored XSS.This issue affects GutenKit: from n/a through <= 2.2.2.
7.6
CVE-2025-46252 - WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2.