7.1
CVE-2024-13885 - WP E Customers <= 0.0.1 - Reflected XSS
The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13884 - Limit Bio <= 1.0 - Reflected XSS
The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
3.7
CVE-2024-8402 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introdβ¦
4.4
CVE-2024-12380 - Generation of Error Message Containing Sensitive Information in GitLab
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication inforβ¦
6.5
CVE-2024-13054 - Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.
4.3
CVE-2025-0652 - Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only.
6.4
CVE-2025-1503 - WP Recipe Maker <= 9.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level β¦
7.2
CVE-2025-1561 - AppPresser β Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting
The AppPresser β Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject aβ¦
4.3
CVE-2025-2104 - Page Builder: Pagelayer β Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authentβ¦
The Page Builder: Pagelayer β Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, wiβ¦
4.9
CVE-2025-2250 - WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticβ¦
The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatiβ¦