Skip to main content
CVE-2024-12129 HIGH This Month

The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Royal Core
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12102 MEDIUM Monitor

The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure Typer Core
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0870 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-0869 MEDIUM This Month

A vulnerability was found in Cianet ONU GW24AC up to 20250127. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13466 MEDIUM This Month

The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13380 MEDIUM This Month

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0747 HIGH This Month

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-0746 MEDIUM This Month

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Embedai
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0745 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0744 HIGH This Month

an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0743 MEDIUM This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0742 MEDIUM This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-0741 MEDIUM This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-0740 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-0739 HIGH This Month

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedai
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-13706 MEDIUM This Month

The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-13453 HIGH This Month

The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-12524 MEDIUM This Month

The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12409 MEDIUM PATCH This Month

The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Simplepress
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-23007 MEDIUM This Month

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Windows
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21107 HIGH This Month

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Networker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-0834 HIGH This Month

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13758 MEDIUM PATCH This Month

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress Cp Contact Form
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13732 MEDIUM PATCH This Month

The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘section_tag’ parameter in all versions up to, and including, 1.9.9 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Responsive Blocks
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13694 HIGH PATCH This Month

The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Woocommerce Wishlist
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13470 MEDIUM PATCH This Month

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ninja Forms
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13642 MEDIUM PATCH This Month

The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Stratum
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13457 MEDIUM PATCH This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Event Tickets
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-12921 MEDIUM This Month

The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12709 MEDIUM POC Monitor

The Bulk Me Now!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Bulk Me Now
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12708 HIGH POC This Month

The Bulk Me Now!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Me Now
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-12400 HIGH POC This Month

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tour Master
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-12163 MEDIUM POC This Week

The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goodlayers Core
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-10309 MEDIUM POC This Month

The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tracking Code Manager
NVD WPScan
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-23374 HIGH This Month

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Enterprise Sonic Distribution
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-0662 MEDIUM Monitor

In some cases, the ktrace facility will log the contents of kernel structures to userspace. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-0374 MEDIUM This Month

When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0373 MEDIUM This Month

On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0849 MEDIUM POC This Month

A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure School Management Software
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-0848 HIGH POC This Month

A vulnerability was found in Tenda A18 up to 15.13.07.09. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow A18 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-0847 MEDIUM POC This Week

A vulnerability was found in 1000 Projects Employee Task Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Task Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-0846 MEDIUM This Month

A vulnerability was found in 1000 Projects Employee Task Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Employee Task Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0844 MEDIUM POC This Week

A vulnerability was found in needyamin Library Card System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Library Card System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy