8.6
CVE-2025-31131 - Path Traversal allowing arbitrary read of files in YesWiki
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
7
CVE-2025-31121 - OpenEMR allows XSS in Patient Image feature
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
7.6
CVE-2025-31910 - WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection. This issue affects BookingPress: from n/a through <= 1.1.28.
7.1
CVE-2025-31908 - WordPress JSON Structuring Markup plugin <= 0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup json-structuring-markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through <= 0.1.
7.1
CVE-2025-31906 - WordPress WP Profitshare Plugin <= 1.4.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare wp-profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through <= 1.4.9.
7.1
CVE-2025-31904 - WordPress Ebook Downloader plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader ebook-downloader allows Cross Site Request Forgery. This issue affects Ebook Downloader: from n/a through <= 1.0.
6.5
CVE-2025-31897 - WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through <= 1.5.3.
6.5
CVE-2025-31895 - WordPress ABC Notation Plugin <= 6.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation abc-notation allows Stored XSS. This issue affects ABC Notation: from n/a through <= 6.1.3.
6.5
CVE-2025-31894 - WordPress Ebook Downloader plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infoway LLC Ebook Downloader ebook-downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through <= 1.0.
6.5
CVE-2025-31892 - WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through <= 2.1.15.