7.5
CVE-2024-12315 - Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unproโฆ
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in theโฆ
5.3
CVE-2025-1186 - dayrui XunRuiCMS Api.php deserialization
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been discloseโฆ
6.1
CVE-2023-49780 -
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
5.3
CVE-2024-13794 - Hide My WP Ghost โ Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure
The WP Ghost (Hide My WP Ghost) โ Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discoโฆ
5.3
CVE-2024-13821 - WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makeโฆ
5.3
CVE-2025-1185 - pihome-shc PiHome ajax.php sql injection
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publiโฆ
5.3
CVE-2025-1184 - pihome-shc PiHome ajax.php sql injection
A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been diโฆ
5.3
CVE-2025-1183 - CodeZips Gym Management System more-userprofile.php sql injection
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launchedโฆ
4.3
CVE-2024-13601 - Majestic Support โ The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Sโฆ
The Majestic Support โ The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes it โฆ
7.5
CVE-2024-13600 - Majestic Support โ The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Unauthenticated โฆ
The Majestic Support โ The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensiโฆ