5.1
CVE-2025-3691 - mirweiye Seven Bears Library CMS Add Link server-side request forgery
A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been dis…
6.9
CVE-2025-3690 - PHPGurukul Men Salon Management System edit-services.php SQL injection
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to SQL injection. The attack may be initiated remotely. The exploit has be…
4.3
CVE-2025-39512 - WordPress Bulk Term Editor plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through <= 1.1.4.
5.3
CVE-2025-39513 - WordPress ActiveDEMAND plugin <= 0.2.46 - Broken Access Control vulnerability
Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through <= 0.2.46.
6.5
CVE-2025-39514 - WordPress Asgaros Forum plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum asgaros-forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through <= 3.2.1.
6.5
CVE-2025-39515 - WordPress Attendance Manager plugin <= 0.6.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager attendance-manager allows Stored XSS. This issue affects Attendance Manager: from n/a through <= 0.6.2.
6.5
CVE-2025-39516 - WordPress Author WIP Progress Bar plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alan Petersen Author WIP Progress Bar author-work-in-progress-bar allows DOM-Based XSS. This issue affects Author WIP Progress Bar: from n/a through <= 1.0.
4.3
CVE-2025-39517 - WordPress Basic Interactive World Map plugin <= 2.7 - Cross Site Request Forgery (CSRF) to Settings…
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through <= 2.7.
7.6
CVE-2025-39518 - WordPress BMA Lite plugin <= 1.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite bma-lite-appointment-booking-and-scheduling allows SQL Injection. This issue affects BMA Lite: from n/a through <= 1.4.2.
6.5
CVE-2025-39520 - WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulner…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Stored XSS. This issue affects Checkout Files Upload for WooCommerce: from n/a through <= 2.2.0.