5.3

CVSS4.0

CVE-2025-2334 - 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access co…

πŸ“… Published: March 15, 2025, 11 p.m. πŸ”„ Last Modified: March 17, 2025, 4:15 p.m.

8.5

CVSS3.1

CVE-2025-27281 - WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 17, 2025, 4:09 p.m.

8.5

CVSS3.1

CVE-2025-26978 - WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 17, 2025, 4:09 p.m.

8.5

CVSS3.1

CVE-2025-26976 - WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:11 p.m.

7.1

CVSS3.1

CVE-2025-26972 - WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:12 p.m.

8.3

CVSS3.1

CVE-2025-26969 - WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerabili…

Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:13 p.m.

8.6

CVSS3.1

CVE-2025-26961 - WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:14 p.m.

6.3

CVSS3.1

CVE-2025-26940 - WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vu…

Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:15 p.m.

6.5

CVSS3.1

CVE-2025-26924 - WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection. This issue affects Ohio Extra: from n/a through 3.4.7.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:16 p.m.

8.8

CVSS3.1

CVE-2025-26921 - WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6.

πŸ“… Published: March 15, 2025, 9:57 p.m. πŸ”„ Last Modified: March 18, 2025, 4:16 p.m.
Total resulsts: 285724
Page 31 of 28,573
Β« previous page Β» next page
Filters