8.8
CVE-2025-3455 - 1 Click WordPress Migration Plugin β 100% FREE for a limited time <= 2.2 - Missing Authorization toβ¦
The 1 Click WordPress Migration Plugin β 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackeβ¦
9.8
CVE-2024-11617 - Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary filβ¦
9.8
CVE-2025-2253 - IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset
The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makesβ¦
9.8
CVE-2025-3605 - Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account β¦
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_uβ¦
6.9
CVE-2025-4468 - SourceCodester Online Student Clearance System edit-photo.php unrestricted upload
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack may be initiated remotely. The β¦
6.9
CVE-2025-4467 - SourceCodester Online Student Clearance System edit-admin.php sql injection
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/txtemail/cmddesignation leads to sql injection. The attack caβ¦
6.9
CVE-2025-4466 - itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. Tβ¦
9.4
CVE-2025-3463 -
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints."Β An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' sβ¦
8.4
CVE-2025-3462 -
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints."Β An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHuβ¦
6.9
CVE-2025-4465 - itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. Thβ¦