6.5
CVE-2024-12607 - School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'm…
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat…
7.8
CVE-2025-26331 -
Dell ThinOS 2411 and prior contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
7.8
CVE-2024-12837 - GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.
5.5
CVE-2024-12576 - GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU, freezing graphics output.
7.2
CVE-2024-13906 - Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authentica…
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes it possible for authe…
8.8
CVE-2025-1309 - UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorizati…
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5…
6.4
CVE-2025-0863 - Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
7.5
CVE-2024-13320 - CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o…
8.1
CVE-2024-13655 - Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subsc…
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possibl…
6.4
CVE-2024-12809 - Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a…