0.0
CVE-2025-23124 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2025-0392 - Guangzhou Huayi Intelligent Technology Jeewms graphReportController.do datagridGraph sql injection
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch thโฆ
5.3
CVE-2025-0391 - Guangzhou Huayi Intelligent Technology Jeewms CgFormBuildController. java saveOrUpdate sql injection
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injecโฆ
6.9
CVE-2025-0390 - Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit โฆ
6.1
CVE-2024-12407 - Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticatedโฆ
6.4
CVE-2024-11386 - GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aโฆ
6.4
CVE-2024-12527 - Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possโฆ
6.4
CVE-2024-11892 - Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auโฆ
9.8
CVE-2024-12877 - GiveWP โ Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
The GiveWP โ Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to injecโฆ
6.1
CVE-2024-12412 - Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration โ WpRently | Wโฆ
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration โ WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โactive_tabโ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization โฆ