3.5
CVE-2024-13615 - Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS
The Social Share Buttons, Social Sharing Icons, Click to Tweet β Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfβ¦
4.3
CVE-2024-13580 - XV Random Quotes <= 1.40 - Settings Reset via CSRF
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
7.1
CVE-2024-13574 - XV Random Quotes <= 1.40 - Reflected XSS
The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-13413 - ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter
The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βresβ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts β¦
6.1
CVE-2024-13436 - Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject maliβ¦
7.3
CVE-2025-2169 - WPCS β WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Exβ¦
The The WPCS β WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcβ¦
9.8
CVE-2025-1661 - HUSKY β Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusβ¦
The HUSKY β Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and exeβ¦
5.3
CVE-2025-26707 -
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
0.0
CVE-2025-26471 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
0.0
CVE-2025-20107 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused