0.0
CVE-2025-46223 -
Not used
0.0
CVE-2025-46224 -
Not used
0.0
CVE-2025-46216 -
Not used
0.0
CVE-2025-46217 -
Not used
0.0
CVE-2025-46219 -
Not used
7.5
CVE-2025-26413 - Apache Kvrocks: The server was crashed by the negative offset
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index isย out of range. This issue affects Apache Kvrocks: through 2.11.1. Uโฆ
8.1
CVE-2025-2594 - User Registration & Membership < 4.1.3 - Authentication Bypass
The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.
7.1
CVE-2024-13569 - Front End Users <= 3.2.32 - Reflected XSS
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.4
CVE-2025-3814 - Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via โฆ
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โclass-nameโ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributoโฆ
6.4
CVE-2025-2839 - WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โwpiePreviewDataโ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributoโฆ