8.6
CVE-2024-13726 - Themes Coder <= 1.3.4 - Unauthenticated SQLi
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
4.8
CVE-2025-1378 - radare2 rasm2 rasm2.c memory corruption
A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to thβ¦
4.7
CVE-2024-13627 - WP Touch Slider <= 2.2 - Reflected XSS
The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13626 - VR Frases <= 3.0.1 - Reflected XSS
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
7.1
CVE-2024-13625 - Tube Video Ads Lite <= 1.5.7 - Reflected XSS
The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.7
CVE-2024-13608 - Track Logins <= 1.0 - Admin+ SQL Injection
The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
6.1
CVE-2024-13603 - Wise Forms <= 1.2.0 - Unauthenticated Stored XSS
The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
4.8
CVE-2025-1377 - GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been diβ¦
2
CVE-2025-1376 - GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The compleβ¦
7.2
CVE-2025-0924 - WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βmessageβ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scriβ¦