6.5
CVE-2025-31734 - WordPress Simple Post Expiration plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Simple Post Expiration simple-post-expiration allows DOM-Based XSS.This issue affects Simple Post Expiration: from n/a through <= 1.0.1.
6.5
CVE-2025-31733 - WordPress WP Sitemap Plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0.
4.3
CVE-2025-31732 - WordPress GB Gallery Slideshow plugin <= 1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GB Gallery Slideshow: from n/a through <= 1.3.
6.5
CVE-2025-31731 - WordPress Author Bio Shortcode Plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author Bio Shortcode: from n/a through <= 2.5.3.
6.5
CVE-2025-31730 - WordPress Marketer Addons Plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through <= 1.0.1.
6.1
CVE-2025-30676 - Apache OFBiz: Stored XSS Vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.
5.1
CVE-2025-30224 - MyDumper arbitrary file read issue
MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrustedβ¦
8.7
CVE-2025-30354 - Bruno ignores Safe-Mode in Asserts expressions
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnβ¦
8.7
CVE-2025-30210 - Bruno XSS On Environment Name
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Securβ¦
0.0
CVE-2025-3094 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.