0.0
CVE-2025-48119 - WordPress RS WP Book Showcase plugin <= 6.7.59 - Content Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase rs-wp-books-showcase allows Code Injection.This issue affects RS WP Book Showcase: from n/a through <= 6.7.59.
0.0
CVE-2025-48117 - WordPress WooCommerce POS plugin <= 1.7.8 - Broken Access Control Vulnerability
Missing Authorization vulnerability in kilbot WooCommerce POS woocommerce-pos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce POS: from n/a through <= 1.7.8.
0.0
CVE-2025-48116 - WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
0.0
CVE-2025-48115 - WordPress ValidateCertify plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.4.
0.0
CVE-2025-48114 - WordPress ShayanWeb Admin FontChanger plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to Storedβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9.1.
0.0
CVE-2025-48113 - WordPress Broadstreet plugin <= 1.51.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.51.2.
0.0
CVE-2025-48112 - WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages dot-htmlphpxml-etc-pages allows Reflected XSS.This issue affects Dot html,php,xml etc pages: from n/a through <= 1.0.
0.0
CVE-2025-48080 - WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash uncanny-learndash-toolkit allows Stored XSS.This issue affects Uncanny Toolkit for LearnDash: from n/a through <= 3.7.0.2.
0.0
CVE-2025-48079 - WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid : from n/a through <= 5.9.5.1.
5.3
CVE-2025-4786 - SourceCodester/oretnom23 Stock Management System view_return sql injection
A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely.β¦