Skip to main content
CVE-2025-0214 LOW Monitor

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-0213 MEDIUM POC This Month

A vulnerability was found in Campcodes Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0212 MEDIUM POC This Month

A vulnerability was found in Campcodes Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Grading System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0211 MEDIUM POC This Month

A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP School Faculty Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-41768 MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-41767 HIGH This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-41766 HIGH This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-41765 MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-41763 MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-0210 MEDIUM POC This Week

A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Faculty Scheduling System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-10957 HIGH This Month

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-0208 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shoe Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0207 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shoe Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-0206 MEDIUM POC This Week

A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Online Shoe Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-12475 MEDIUM PATCH This Month

The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Multi Store Locator
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12279 MEDIUM PATCH This Month

The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Wp Social Autoconnect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12195 MEDIUM PATCH This Month

The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Wp Project Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-12221 MEDIUM This Month

The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2025-0205 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shoe Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12583 CRITICAL This Week

The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ssti WordPress
NVD
CVSS 3.1
9.9
EPSS
9.1%
CVE-2024-11930 MEDIUM PATCH This Month

The Taskbuilder - WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Taskbuilder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-0204 MEDIUM POC This Month

A vulnerability was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Shoe Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-12701 MEDIUM This Month

The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-12545 MEDIUM PATCH This Month

The Scratch & Win - Giveaways and Contests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Scratch Win
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12047 MEDIUM This Month

The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Compress
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-11974 MEDIUM PATCH This Month

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Media Library Assistant
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2024-10932 HIGH This Month

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-0203 MEDIUM POC This Month

A vulnerability was found in code-projects Student Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0202 MEDIUM This Month

A vulnerability was found in TCS BaNCS 10. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0201 MEDIUM POC This Month

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0200 MEDIUM POC This Month

A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-22390 HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Optimizely Cms
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22389 HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Optimizely Cms
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2025-22388 MEDIUM This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Optimizely Cms
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2025-22387 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-22386 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-22385 MEDIUM This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Configured Commerce
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-22384 HIGH This Month

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Configured Commerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-22383 MEDIUM Monitor

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy