9.3
CVE-2025-22523 - WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0.
7.1
CVE-2025-22501 - WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City improve-my-city allows Reflected XSS.This issue affects Improve My City: from n/a through <= 1.6.
7.1
CVE-2025-22360 - WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through <= 2.0.
7.1
CVE-2025-22356 - WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies stencies allows Reflected XSS.This issue affects Stencies: from n/a through <= 0.58.
8.1
CVE-2024-54362 - WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3.
8.6
CVE-2024-54291 - WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through <= 0.9.10.
7.1
CVE-2024-51624 - WordPress JΓ‘-JΓ‘ Pagamentos for WooCommerce plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos JΓ‘-JΓ‘ Pagamentos for WooCommerce wc-ja-ja-pagamentos-multicaixa-express allows Reflected XSS.This issue affects JΓ‘-JΓ‘ Pagamentos for WooCommerce: from n/a through <= 1.3.0.
7.5
CVE-2025-30211 - KEX init error results with excessive memory usage
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in Kβ¦
7.7
CVE-2025-30372 - Emlog Pro contains an SQL injection vulnerability.
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potentiβ¦
2.1
CVE-2025-30371 - Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentiallyβ¦