8.1
CVE-2024-13655 - Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscβ¦
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possiblβ¦
6.4
CVE-2024-12809 - Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated aβ¦
9.8
CVE-2025-1475 - WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on thβ¦
6.9
CVE-2025-2067 - projectworlds Life Insurance Management System search.php sql injection
A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disβ¦
6.9
CVE-2025-2066 - projectworlds Life Insurance Management System updateAgent.php sql injection
A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack can be initiated remotely. The exploit β¦
6.9
CVE-2025-2065 - projectworlds Life Insurance Management System editAgent.php sql injection
A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. It is possible to initiate the attack remotely. The exploit β¦
6.9
CVE-2025-2064 - projectworlds Life Insurance Management System deletePayment.php sql injection
A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be launchedβ¦
6.9
CVE-2025-2063 - projectworlds Life Insurance Management System deleteNominee.php sql injection
A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be launched remotely.β¦
6.9
CVE-2025-2062 - projectworlds Life Insurance Management System clientStatus.php sql injection
A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible to launch the attack remotely. The exploit haβ¦
5.3
CVE-2025-2061 - code-projects Online Ticket Reservation System passenger.php cross site scripting
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exβ¦