5.3
CVE-2025-2252 - Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticate…
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extr…
5.3
CVE-2025-2744 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is po…
5.3
CVE-2025-2743 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path t…
5.3
CVE-2025-2742 - zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack ca…
6.9
CVE-2025-2740 - PHPGurukul Old Age Home Management System eligibility.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit ha…
6.1
CVE-2025-1798 - Design Comuni Italia < 1.1.2 - Unauthenticated Stored XSS
The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.
3.5
CVE-2025-1452 - Favorites < 2.3.5 - Admin+ Stored XSS
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2025-0717 - Social Slider Feed < 2.2.9 - Admin+ Stored XSS
To exploit the vulnerability, it is necessary:
4.7
CVE-2024-9770 - WP-Recall < 16.26.12 - Admin+ SQL Injection
The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
7.1
CVE-2024-13863 - Stylish Google Sheet Reader < 4.1 - Reflected XSS
The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.