6.1
CVE-2024-13444 - wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a…
6.4
CVE-2024-11226 - FireCask Like & Share Button <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via …
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…
5.3
CVE-2024-13230 - Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated …
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the 'SuperSocializerKey' parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficie…
6.4
CVE-2025-0450 - Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack…
6.5
CVE-2024-52973 - Kibana allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
6.5
CVE-2024-43709 - Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
5.5
CVE-2024-37284 - Elastic Defend Improper Handling of Alternate Encoding Leads to Crash
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing the …
5.3
CVE-2024-6466 -
NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via the network when X-FRAME-OPTIONS is not specified.
5.9
CVE-2025-23184 - Apache CXF: Denial of Service vulnerability with temporary files
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
6.1
CVE-2024-13404 - Link Library <= 7.7.2 - Reflected Cross-Site Scripting
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scr…