7.5
CVE-2024-12905 - tar-fs: link following and path traversal via maliciously crafted tar file
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the inteβ¦
6.4
CVE-2025-30362 - WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious codβ¦
9.3
CVE-2025-30361 - WeGIA Vulnerable to Broken Authentication - Old Password Validation
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authβ¦
8.5
CVE-2025-22783 - WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
5.9
CVE-2025-26762 - WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through <= 9.7.0.
9.6
CVE-2025-26909 - WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01.
6.5
CVE-2025-22278 - WordPress Whitish Lite theme <= 2.1.13 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yudleethemes Whitish Lite allows Stored XSS.This issue affects Whitish Lite: from n/a through 2.1.13.
5.9
CVE-2025-22496 - WordPress Notif Bell Plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarMar8x Notif Bell notif-bell allows Stored XSS.This issue affects Notif Bell: from n/a through <= 0.9.8.
6.5
CVE-2025-22497 - WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scriptingβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bramwaas Simple Google Calendar Outlook Events Block Widget simple-google-icalendar-widget allows Stored XSS.This issue affects Simple Google Calendar Outlook Events Block Widget: from n/a through β¦
5.1
CVE-2025-2855 - elunez eladmin upload checkFile deserialization
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.