9.8
CVE-2025-0181 - WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible …
9.8
CVE-2025-0180 - WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on t…
6.3
CVE-2025-1178 - GNU Binutils ld libbfd.c bfd_putl64 memory corruption
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is r…
5.3
CVE-2025-1177 - dayrui XunRuiCMS Linkage.php import_add deserialization
A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function import_add of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to …
6.1
CVE-2024-13570 - Stray Random Quotes <= 1.9.9 - Reflected XSS
The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.8
CVE-2024-13544 - Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload
The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in a multisite setup).
6.1
CVE-2024-13543 - Zarinpal Paid Downloads <= 2.3 - Reflected XSS
The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2.3
CVE-2025-1176 - GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rath…
4.8
CVE-2025-1174 - 1000 Projects Bookstore Management System Add Book Page process_book_add.php cross site scripting
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the component Add Book Page. The manipulation of the argument Book Name leads to cross site scripting. The attac…
6.3
CVE-2025-1211 -
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by the URI built-in module and hackney. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney…