7.3

CVSS3.1

CVE-2025-2809 - azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it p…

📅 Published: April 10, 2025, 7:02 a.m. 🔄 Last Modified: April 22, 2026, 5:45 p.m.

6.4

CVSS3.1

CVE-2024-10894 - Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. …

📅 Published: April 10, 2025, 7:02 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-13896 - WP-GeSHi-Highlight <= 1.4.3 - Author+ ReDoS

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to a Regular Expression Denial of Service (ReDoS) issue.

📅 Published: April 10, 2025, 6 a.m. 🔄 Last Modified: Aug. 27, 2025, noon

7.1

CVSS3.1

CVE-2024-13874 - Feedify – Web Push Notifications < 2.4.6 - Reflected XSS

The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

📅 Published: April 10, 2025, 6 a.m. 🔄 Last Modified: April 30, 2025, 7:12 p.m.

0.0

CVE-2025-3494 -

This CVE ID has been rejected by its CNA as it was not a security issue.

📅 Published: April 10, 2025, 5:22 a.m. 🔄 Last Modified: June 17, 2025, 4:15 a.m.

0.0

CVE-2025-3493 -

This CVE ID has been rejected by its CNA as it was not a security issue.

📅 Published: April 10, 2025, 5:22 a.m. 🔄 Last Modified: June 17, 2025, 4:15 a.m.

5.9

CVSS4.0

CVE-2025-0539 -

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.

📅 Published: April 10, 2025, 5:20 a.m. 🔄 Last Modified: July 2, 2025, 5:23 p.m.

8.1

CVSS3.1

CVE-2025-3102 - SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated A…

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. Th…

📅 Published: April 10, 2025, 4:22 a.m. 🔄 Last Modified: April 21, 2026, 9:30 p.m.

0.0

CVE-2025-27941 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused

📅 Published: April 10, 2025, 3 a.m. 🔄 Last Modified: Feb. 13, 2026, 6:11 p.m.

5.3

CVSS4.0

CVE-2025-3489 - Nababur Simple-User-Management-System register.php cross site scripting

A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched remotely…

📅 Published: April 10, 2025, 3 a.m. 🔄 Last Modified: April 29, 2025, 8:21 p.m.
Total results: 347815