6.9
CVE-2025-3213 - PHPGurukul e-Diary Management System view-note.php sql injection
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be initiated remotely. The exploit has been discβ¦
5.3
CVE-2025-3211 - code-projects Patient Record Management System birthing_print.php sql injection
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql injection. It is possible to initiate the attack remotely. The expβ¦
3.5
CVE-2024-42208 - HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
7.2
CVE-2024-13708 - Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages thaβ¦
8.1
CVE-2025-2270 - Countdown, Coming Soon, Maintenance β Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local β¦
The Countdown, Coming Soon, Maintenance β Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific fileβ¦
6.4
CVE-2025-2836 - RegistrationMagic β Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.β¦
The RegistrationMagic β Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βpayment_methodβ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapingβ¦
4.4
CVE-2024-13898 - Simple Banner <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Simple Banner β Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output esβ¦
9.8
CVE-2024-13645 - TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means β¦
7.5
CVE-2025-2317 - Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter
The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mβ¦
5.3
CVE-2025-3210 - code-projects Patient Record Management System birthing_pending.php sql injection
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /birthing_pending.php. The manipulation of the argument birth_id leads to sql injection. The attack may be launched remoteβ¦