5.1
CVE-2024-12429 -
An attacker who successfully exploited these vulnerabilities could grant read access to files.ย A vulnerability exists in the AC500 V3 version mentioned. Aย successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) witโฆ
6.5
CVE-2025-22354 - WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.
6.5
CVE-2025-22365 - WordPress EMC2 Alert Boxes Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.
6.5
CVE-2025-22500 - WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through <= 1.2.0.
7.6
CVE-2025-22350 - WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9.
6.4
CVE-2025-22621 - Privilege escalation for users who hold the โsplunk_app_soarโ role in the Splunk App for SOAR
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roโฆ
5.3
CVE-2024-56270 - WordPress WP SecureSubmit plugin <= 1.5.20 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Retrieve Embedded Sensitive Data.This issue affects WP SecureSubmit: from n/a through <= 1.5.20.
4.3
CVE-2024-56272 - WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerโฆ
Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce hide-category-by-user-role-for-woocommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through <= 2.1.1.
5.3
CVE-2025-0299 - code-projects Online Book Shop search_result.php sql injection
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to theโฆ
7.3
CVE-2024-12430 -
An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into aโฆ