5.1
CVE-2025-2086 - StarSea99 starsea-mall update cross site scripting
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been dβ¦
5.1
CVE-2025-2085 - StarSea99 starsea-mall save cross site scripting
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been diβ¦
5.1
CVE-2025-2084 - PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php croβ¦
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to lβ¦
6.1
CVE-2024-12634 - Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.β¦
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it possible for unauthentβ¦
6.5
CVE-2025-1768 - SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameβ¦
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it β¦
7.1
CVE-2025-1887 - SMB forced authentication vulnerability in Sage 200 Spain
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.
7.1
CVE-2025-1886 - Pass-Back vulnerability in Sage 200 Spain
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
7.1
CVE-2024-13668 - WordPress Activity O Meter <= 1 - Reflected XSS
The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.
4.8
CVE-2024-9458 - Reservit Hotel < 3.0 - Admin+ Stored XSS
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.5
CVE-2024-13857 - WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery
The WPGet API β Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locationsβ¦