0.0
CVE-2025-48238 - WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit awcode-toolkit allows Stored XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.18.
0.0
CVE-2025-48237 - WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.2.
0.0
CVE-2025-48236 - WordPress bunny.net plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net bunnycdn allows Stored XSS.This issue affects bunny.net: from n/a through <= 2.3.0.
0.0
CVE-2025-48235 - WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through <= 3.1.2.
0.0
CVE-2025-48234 - WordPress Ultimate Blocks plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows DOM-Based XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.0.
0.0
CVE-2025-48233 - WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgβ¦
Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration allows Stored XSS.This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through <= 1.0.6.
0.0
CVE-2025-48232 - WordPress Xpro Addons For Beaver Builder β Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Stored XSS.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.5.
6.9
CVE-2025-4936 - projectworlds Online Food Ordering System admin-page.php sql injection
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit hasβ¦
6.9
CVE-2025-4935 - SourceCodester Stock Management System changePassword.php sql injection
A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploβ¦
6.9
CVE-2025-4934 - PHPGurukul User Registration & Login and User Management System edit-profile.php sql injection
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remotβ¦