6.1
CVE-2024-10566 - Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
6.1
CVE-2024-10565 - Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
6.9
CVE-2025-2738 - PHPGurukul Old Age Home Management System manage-scdetails.php sql injection
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. The attack can be initiated remotely. The exโฆ
3.5
CVE-2024-10560 - Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2024-10554 - WP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS
The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite seโฆ
5.9
CVE-2024-10472 - Stylish Price List < 7.1.12 - Contributor+ Stored XSS
The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.9
CVE-2024-10105 - Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
8.4
CVE-2024-10210 - Path traversal in APROL Web Portal
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.
6.9
CVE-2025-2737 - PHPGurukul Old Age Home Management System contactus.php sql injection
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to initiate the attack remotely. The exploโฆ
5.3
CVE-2025-2224 - Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible foโฆ