4.3
CVE-2025-0748 - Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification
The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to update verify an user via a fβ¦
4.3
CVE-2024-13526 - EventPrime β Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticaβ¦
The EventPrime β Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers, β¦
8.1
CVE-2025-0749 - Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers toβ¦
6.9
CVE-2025-2058 - PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remβ¦
6.9
CVE-2025-2057 - PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploβ¦
5.1
CVE-2025-2054 - code-projects Blood Bank Management System edit_state.php sql injection
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_state.php. The manipulation of the argument state_id leads to sql injection. The attack can be launched rβ¦
5.3
CVE-2025-2053 - PHPGurukul Apartment Visitors Management System visitor-detail.php sql injection
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exβ¦
5.3
CVE-2025-2052 - PHPGurukul Apartment Visitors Management System forgot-password.php sql injection
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack may be initiated remotely. The explβ¦
5.3
CVE-2025-2051 - PHPGurukul Apartment Visitors Management System search-visitor.php sql injection
A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exβ¦
6.4
CVE-2025-27824 -
An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFramβ¦