39 CVEs tracked today. 1 Critical, 9 High, 28 Medium, 1 Low.
-
CVE-2024-12583
CRITICAL
CVSS 9.9
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RCE
SSTI
WordPress
-
CVE-2025-22390
HIGH
CVSS 7.5
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Brute Force
Information Disclosure
Optimizely Cms
-
CVE-2025-22389
HIGH
CVSS 8.0
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
File Upload
Optimizely Cms
-
CVE-2025-22387
HIGH
CVSS 7.5
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Configured Commerce
-
CVE-2025-22386
HIGH
CVSS 7.3
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Configured Commerce
-
CVE-2025-22384
HIGH
CVSS 7.5
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Configured Commerce
-
CVE-2024-41767
HIGH
CVSS 7.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM
SQLi
Engineering Lifecycle Optimization Publishing
-
CVE-2024-41766
HIGH
CVSS 7.5
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM
Denial Of Service
Engineering Lifecycle Optimization Publishing
-
CVE-2024-10957
HIGH
CVSS 8.8
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
WordPress
Information Disclosure
PHP
-
CVE-2024-10932
HIGH
CVSS 8.8
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
WordPress
Information Disclosure
PHP
-
CVE-2025-22388
MEDIUM
CVSS 5.7
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Optimizely Cms
-
CVE-2025-22385
MEDIUM
CVSS 5.9
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Configured Commerce
-
CVE-2025-22383
MEDIUM
CVSS 4.6
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Configured Commerce
-
CVE-2025-0213
MEDIUM
CVSS 5.3
A vulnerability was found in Campcodes Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
Authentication Bypass
PHP
Project Management System
-
CVE-2025-0212
MEDIUM
CVSS 5.3
A vulnerability was found in Campcodes Student Grading System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Student Grading System
-
CVE-2025-0211
MEDIUM
CVSS 5.3
A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
PHP
School Faculty Scheduling System
-
CVE-2025-0210
MEDIUM
CVSS 6.9
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Faculty Scheduling System
-
CVE-2025-0208
MEDIUM
CVSS 5.3
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shoe Store
-
CVE-2025-0207
MEDIUM
CVSS 6.9
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shoe Store
-
CVE-2025-0206
MEDIUM
CVSS 6.9
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
PHP
Online Shoe Store
-
CVE-2025-0205
MEDIUM
CVSS 5.3
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shoe Store
-
CVE-2025-0204
MEDIUM
CVSS 5.3
A vulnerability was found in code-projects Online Shoe Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Shoe Store
-
CVE-2025-0203
MEDIUM
CVSS 5.3
A vulnerability was found in code-projects Student Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Student Management System
-
CVE-2025-0202
MEDIUM
CVSS 5.1
A vulnerability was found in TCS BaNCS 10. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-0201
MEDIUM
CVSS 5.3
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Point Of Sales And Inventory Management System
-
CVE-2025-0200
MEDIUM
CVSS 5.3
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Point Of Sales And Inventory Management System
-
CVE-2024-41768
MEDIUM
CVSS 6.5
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM
Information Disclosure
Engineering Lifecycle Optimization Publishing
-
CVE-2024-41765
MEDIUM
CVSS 6.5
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM
Path Traversal
Engineering Lifecycle Optimization Publishing
-
CVE-2024-41763
MEDIUM
CVSS 5.9
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM
Information Disclosure
Engineering Lifecycle Optimization Publishing
-
CVE-2024-12701
MEDIUM
CVSS 6.1
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12545
MEDIUM
CVSS 5.4
The Scratch & Win - Giveaways and Contests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
CSRF
WordPress
Scratch Win
-
CVE-2024-12475
MEDIUM
CVSS 6.4
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Wp Multi Store Locator
-
CVE-2024-12279
MEDIUM
CVSS 6.1
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
CSRF
WordPress
Wp Social Autoconnect
-
CVE-2024-12221
MEDIUM
CVSS 6.1
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12195
MEDIUM
CVSS 6.5
The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
WordPress
SQLi
Wp Project Manager
-
CVE-2024-12047
MEDIUM
CVSS 6.1
The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
Wp Compress
-
CVE-2024-11974
MEDIUM
CVSS 6.1
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Media Library Assistant
-
CVE-2024-11930
MEDIUM
CVSS 6.4
The Taskbuilder - WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Taskbuilder
-
CVE-2025-0214
LOW
CVSS 2.1
A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
SQLi
PHP