7.5
CVE-2025-0377 - HashiCorp go-slug Vulnerable to Zip Slip Attack
HashiCorpโs go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.
8.2
CVE-2024-53829 - Cross-Site Request Forgery in CodeChecker API
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions,ย including but not liโฆ
7.1
CVE-2025-24001 - WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ngรด Thแบฏng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through <= 0.1.3.
7.1
CVE-2025-23998 - WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2.
6.5
CVE-2025-23997 - WordPress Tamara Checkout plugin < 1.9.9.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamara Solution Tamara Checkout tamara-checkout allows Stored XSS.This issue affects Tamara Checkout: from n/a through < 1.9.9.1.
6.5
CVE-2025-22825 - WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdesk Flexible PDF Coupons flexible-coupons allows Stored XSS.This issue affects Flexible PDF Coupons: from n/a through < 1.10.3.
7.1
CVE-2025-22733 - WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.18.
6.5
CVE-2025-22732 - WordPress Ad Blocking Detector plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through <= 3.6.0.
6.5
CVE-2025-22727 - WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through <= 4.1.
9.1
CVE-2025-22723 - WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerabiliโฆ
Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Server.This issue affects Barcode Scanner with Inventโฆ