0.0
CVE-2025-31029 - WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.
0.0
CVE-2025-28953 - WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
0.0
CVE-2025-22288 - WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerabiβ¦
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
8.7
CVE-2025-12556 - IDIS ICM Viewer Argument Injection
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
8.9
CVE-2025-11956 - XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.This issue affects OBS (Student Affairs Information System): before 25.0401.
6.1
CVE-2025-10955 - HTML Injection in Netcad Software's Netigma
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings.This issue affects Netigma: from 6.3.5 before 6.3.5 V8.
7
CVE-2025-37735 -
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.
6.1
CVE-2025-36054 - Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Serveβ¦
IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerabiliβ¦
4.3
CVE-2025-11268 - Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a do_shortcodβ¦
4.3
CVE-2025-12360 - Better Find and Replace <= 1.7.7 - Missing Authorization
The Better Find and Replace β AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level acβ¦