10
CVE-2025-26615 - Path Traversal endpoint 'examples.php' parameter 'src' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in β¦
0.0
CVE-2025-1460 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2025-26616 - Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exportar_dump.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information storeβ¦
10
CVE-2025-26617 - SQL Injection endpoint 'historico_paciente.php' parameter 'id_fichamedica' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorizeβ¦
8.6
CVE-2025-22663 - WordPress Paid Videochat Turnkey Site plugin <= 7.2.12 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Path Traversal.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.2.12.
7.5
CVE-2025-22657 - WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.0.9.
8.1
CVE-2025-22656 - WordPress Cookie Monster Plugin <= 1.2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster cookie-monster allows PHP Local File Inclusion.This issue affects Cookie Monster: from n/a through <= 1.2.2.
10
CVE-2025-22654 - WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified simplified allows Using Malicious Files.This issue affects Simplified: from n/a through <= 1.0.6.
0.0
CVE-2025-22650 - WordPress Smartarget.online Integration plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Smartarget: from n/a through <= 1.5.3.
0.0
CVE-2025-22645 - WordPress Real Estate Manager plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through <= 7.3.