0.0
CVE-2025-22363 - WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerabiliโฆ
Missing Authorization vulnerability in Hermann LAHAMI Allada T-shirt Designer for Woocommerce allada-tshirt-designer-for-woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through <= 1.1.
0.0
CVE-2025-22296 - WordPress Hash Elements plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Hash Elements hash-elements.This issue affects Hash Elements: from n/a through <= 1.5.0.
4.3
CVE-2025-22319 - WordPress MashShare plugin <= 4.0.47 - Broken Access Control vulnerability
Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.
6.5
CVE-2025-22334 - WordPress Education LMS theme <= 0.0.7 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7.
5.1
CVE-2024-12429 -
An attacker who successfully exploited these vulnerabilities could grant read access to files.ย A vulnerability exists in the AC500 V3 version mentioned. Aย successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) witโฆ
6.5
CVE-2025-22354 - WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.
6.5
CVE-2025-22365 - WordPress EMC2 Alert Boxes Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.
0.0
CVE-2025-22500 - WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through <= 1.2.0.
7.6
CVE-2025-22350 - WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9.
6.4
CVE-2025-22621 - Privilege escalation for users who hold the โsplunk_app_soarโ role in the Splunk App for SOAR
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roโฆ