4.3
CVE-2024-13217 - Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Count…
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensi…
6.4
CVE-2025-1450 - Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call B…
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-hover’ parameter in all versions up to, and including, 3.3.5 due to insufficient input sanit…
6.4
CVE-2024-13734 - Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via…
The Card Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Profile Card widget in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe…
8.8
CVE-2025-1282 - Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary…
The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attac…
6.4
CVE-2025-1690 - ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via…
The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
8.1
CVE-2025-1717 - Login Me Now <= 1.7.2 - Authentication Bypass
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated attackers to log in an …
6.1
CVE-2024-5848 - Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious Jav…
5.4
CVE-2024-0392 - Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Mis…
A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, p…
0.0
CVE-2025-1737 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.4
CVE-2025-1689 - ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scrip…
The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…