7.5
CVE-2024-13490 - LTL Freight Quotes β XPO Edition <= 4.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes β XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQLβ¦
9.8
CVE-2024-12213 - WP Job Board Pro < 1.2.85 - Unauthenticated Privilege Escalation via process_register
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sitβ¦
6.4
CVE-2024-13456 - Easy Quiz Maker <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
7.5
CVE-2024-13435 - Ebook Downloader <= 1.0 - Unauthenticated SQL Injection
The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unautβ¦
7.5
CVE-2024-13473 - LTL Freight Quotes - Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection
The LTL Freight Quotes β Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on thβ¦
6.4
CVE-2025-0506 - Rise Blocks β A Complete Gutenberg Page Builder <= 3.6 - Authenticated (Contributor+) Stored Cross-β¦
The Rise Blocks β A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, β¦
7.5
CVE-2024-13528 - Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticatβ¦
5.3
CVE-2025-1188 - Codezips Gym Management System updateroutine.php sql injection
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotβ¦
4.8
CVE-2025-1187 - code-projects Police FIR Record Management System Delete Record stack-based overflow
A vulnerability classified as critical was found in code-projects Police FIR Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Delete Record Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. Thβ¦
5.4
CVE-2024-13814 - Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shorβ¦
The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.β¦