5.1

CVSS4.0

CVE-2025-2084 - PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cro…

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to l…

📅 Published: March 7, 2025, noon 🔄 Last Modified: March 12, 2025, 5:20 p.m.

6.1

CVSS3.1

CVE-2024-12634 - Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.…

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it possible for unauthent…

📅 Published: March 7, 2025, 11:12 a.m. 🔄 Last Modified: March 7, 2025, 2:35 p.m.

6.5

CVSS3.1

CVE-2025-1768 - SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parame…

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it …

📅 Published: March 7, 2025, 11:12 a.m. 🔄 Last Modified: April 8, 2026, 4:38 p.m.

7.1

CVSS4.0

CVE-2025-1887 - SMB forced authentication vulnerability in Sage 200 Spain

SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.

📅 Published: March 7, 2025, 10:56 a.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

7.1

CVSS4.0

CVE-2025-1886 - Pass-Back vulnerability in Sage 200 Spain

Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.

📅 Published: March 7, 2025, 10:55 a.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

7.1

CVSS3.1

CVE-2024-13668 - WordPress Activity O Meter <= 1 - Reflected XSS

The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.

📅 Published: March 7, 2025, 9:49 a.m. 🔄 Last Modified: May 21, 2025, 4:59 p.m.

4.8

CVSS3.1

CVE-2024-9458 - Reservit Hotel < 3.0 - Admin+ Stored XSS

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📅 Published: March 7, 2025, 9:38 a.m. 🔄 Last Modified: Jan. 9, 2026, 9:16 p.m.

5.5

CVSS3.1

CVE-2024-13857 - WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery

The WPGet API – Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations…

📅 Published: March 7, 2025, 9:21 a.m. 🔄 Last Modified: April 8, 2026, 5:23 p.m.

4.3

CVSS3.1

CVE-2024-13635 - VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure

The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content …

📅 Published: March 7, 2025, 9:21 a.m. 🔄 Last Modified: April 8, 2026, 5:23 p.m.

4.3

CVSS3.1

CVE-2024-13552 - SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to d…

📅 Published: March 7, 2025, 9:21 a.m. 🔄 Last Modified: April 8, 2026, 4:36 p.m.