7.1
CVE-2025-26547 - WordPress My Login Logout Plugin plugin <= 2.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
7.1
CVE-2025-26545 - WordPress Related Posts Line-up-Exactly by Milliard plugin <= 0.0.22 - CSRF to Stored XSS vulnerabiโฆ
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through <= 0.0.22.
7.1
CVE-2025-26543 - WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
8.1
CVE-2025-1094 - PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to uโฆ
6.1
CVE-2025-1271 - Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity theโฆ
9.1
CVE-2025-1270 - Insecure direct object reference (IDOR) vulnerability in H6Web
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the โpkrelatedโ parameter in the โ/h6web/ha_datos_hermano.phpโ endpoint to refer to another user. In addition, theโฆ
9.8
CVE-2024-13182 - WP Directorybox Manager <= 2.5 - Authentication Bypass
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on thโฆ
7.5
CVE-2024-13606 - JS Help Desk โ The Ultimate Help Desk & Support Plugin <= 2.8.8 - Unauthenticated Sensitive Informaโฆ
The JS Help Desk โ The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored โฆ
6.1
CVE-2024-13867 - Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting
The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injโฆ
7.1
CVE-2024-46910 - Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versionsย 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.