7.5
CVE-2025-21623 - ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.
7.5
CVE-2025-21622 - ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the β¦
4.3
CVE-2024-52813 - matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicationsβ¦
5.3
CVE-2025-0297 - code-projects Online Book Shop detail.php sql injection
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to theβ¦
8.1
CVE-2024-53800 - WordPress Rezgo Online Booking plugin <= 4.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through <= 4.17.
7.1
CVE-2024-56056 - WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through <= 1.4.3.
7.1
CVE-2025-22294 - WordPress Custom Field For WP Job Manager plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through <= 1.3.
7.1
CVE-2025-22335 - WordPress Opencart Product in WP plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rajib.dewan Opencart Product in WP opencart-product-in-wp allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through <= 1.0.1.
7.1
CVE-2025-22338 - WordPress WP-tagMaker plugin <= 0.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker tagmaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through <= 0.2.2.
7.6
CVE-2025-22502 - WordPress MindValley Super PageMash Plugin <= 1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash mindvalley-pagemash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through <= 1.1.