3.5
CVE-2025-1203 - Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exampleโฆ
3.5
CVE-2025-1062 - Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example โฆ
3.5
CVE-2024-13124 - Photo Gallery by 10Web < 1.8.33 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
3.5
CVE-2024-10558 - Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
6.9
CVE-2025-2686 - mingyuefusu ๆๆๅค่ tushuguanlixitong ๅพไนฆ็ฎก็็ณป็ป Backend admin doFilter access control
A vulnerability has been found in mingyuefusu ๆๆๅค่ tushuguanlixitong ๅพไนฆ็ฎก็็ณป็ป up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leadsโฆ
6.9
CVE-2025-2684 - PHPGurukul Bank Locker Management System search-report-details.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remoโฆ
6.9
CVE-2025-2683 - PHPGurukul Bank Locker Management System profile.php sql injection
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been discloโฆ
6.9
CVE-2025-2682 - PHPGurukul Bank Locker Management System edit-subadmin.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploiโฆ
6.9
CVE-2025-2681 - PHPGurukul Bank Locker Management System edit-locker.php sql injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotelyโฆ
6.9
CVE-2025-2680 - PHPGurukul Bank Locker Management System edit-assign-locker.php sql injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the argument mobilenumber leads to sql injection. The attack can beโฆ