7.1
CVE-2025-23489 - WordPress WP-Announcements plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner WP-Announcements wp-announcements allows Reflected XSS.This issue affects WP-Announcements: from n/a through <= 1.8.
8.2
CVE-2025-23477 - WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability
Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Realty Workstation: from n/a through <= 1.0.45.
7.1
CVE-2025-23461 - WordPress Social2Blog plugin <= 0.2.990 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through <= 0.2.990.
7.1
CVE-2025-23454 - WordPress Nature FlipBook WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook vertical-diamond-flipbook-flash allows Reflected XSS.This issue affects Nature FlipBook: from n/a through <= 1.7.
7.6
CVE-2025-24018 - YesWiki Vulnerable to Authenticated Stored XSS
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content β¦
2.4
CVE-2024-45687 - HTTP Server incorrectly accepting disallowed characters within header values
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Pβ¦
0.0
CVE-2025-0623 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.6
CVE-2025-24017 - YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't existβ¦
4.6
CVE-2025-24012 - Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 containβ¦
5.3
CVE-2025-24011 - Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codβ¦
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.β¦