Skip to main content
CVE-2024-13869 HIGH POC PATCH THREAT Act Now

The Migration, Backup, Staging - WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

Nginx File Upload Apache RCE WordPress +1
NVD GitHub
CVSS 3.1
7.2
EPSS
10.7%
CVE-2025-21704 HIGH POC PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1361 HIGH POC PATCH This Week

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Authentication Bypass Country Blocker PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26776 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-26763 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.94.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-1557 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ofcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1556 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-27012 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation.BG Shipping for Woo: from n/a through 1.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-46975 HIGH This Week

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2024-52939 HIGH This Week

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-13474 HIGH This Week

The LTL Freight Quotes - Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26760 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder allows PHP Local File Inclusion.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-26757 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer allows PHP Local File Inclusion.1.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-0957 HIGH This Week

The SMTP for Amazon SES - YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-13899 HIGH This Week

The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization Mambo Joomla Importer
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2025-1510 HIGH This Week

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Custom Post Type Date Archives PHP
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-1509 HIGH This Week

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress Code Injection Show Me The Cookies PHP
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-0953 HIGH PATCH This Week

The SMTP for Sendinblue - YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-0918 HIGH PATCH This Week

The SMTP for SendGrid - YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-28339 HIGH This Week

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Housecall For Home Networks
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-12577 HIGH This Week

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-26774 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion - Easy Popups allows Reflected XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-26756 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips allows Stored XSS.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-26764 MEDIUM This Month

Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels.0.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26750 MEDIUM This Month

Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26973 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13564 MEDIUM PATCH This Month

The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rife Elementor Extensions Templates Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12038 MEDIUM PATCH This Month

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Buddyforms
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12467 MEDIUM PATCH This Month

The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Payment By Redsys
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-13798 MEDIUM PATCH This Month

The Post Grid and Gutenberg Blocks - ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Comboblocks
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-22341 MEDIUM This Month

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Watson Query With Cloud Pak For Data
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-1553 MEDIUM This Month

A vulnerability was found in pankajindevops scale up to 3633544a00245d3df88b6d13d9b3dd0f411be7f6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-13873 MEDIUM PATCH This Month

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wp Job Portal
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-47896 LOW Monitor

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-45674 LOW Monitor

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Security Verify Bridge Directory Sync Security Verify Gateway For Radius +2
NVD
CVSS 3.1
3.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy