6.4
CVE-2025-0506 - Rise Blocks โ A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-โฆ
The Rise Blocks โ A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, โฆ
7.5
CVE-2024-13528 - Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticatโฆ
5.3
CVE-2025-1188 - Codezips Gym Management System updateroutine.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotโฆ
4.8
CVE-2025-1187 - code-projects Police FIR Record Management System Delete Record stack-based overflow
A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. Thโฆ
5.4
CVE-2024-13814 - Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shorโฆ
The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.โฆ
7.5
CVE-2024-12315 - Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unproโฆ
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in theโฆ
5.3
CVE-2025-1186 - dayrui XunRuiCMS Api.php deserialization
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been discloseโฆ
6.1
CVE-2023-49780 -
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
5.3
CVE-2024-13794 - Hide My WP Ghost โ Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure
The WP Ghost (Hide My WP Ghost) โ Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discoโฆ
5.3
CVE-2024-13821 - WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makeโฆ