Skip to main content
CVE-2025-0764 MEDIUM PATCH This Month

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Wpforo Forum PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-23225 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0823 MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Cognos Analytics
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25728 MEDIUM This Month

Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to send communications to the update API in plaintext, allowing attackers to access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-1662 MEDIUM This Month

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1560 MEDIUM This Month

The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wow Entrance Effects Wee PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1571 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Exclusive Addons For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1405 MEDIUM PATCH This Month

The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Product Catalog Simple PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1757 MEDIUM This Month

The WordPress Portfolio Builder - Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Portfoliohub PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-9019 MEDIUM This Month

The SecuPress Free - WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-13469 MEDIUM This Month

The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Pricing Table
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12820 MEDIUM PATCH This Month

The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google WordPress XSS Mk Google Directions
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-0769 MEDIUM This Month

PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Deserialization
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-22492 MEDIUM This Month

The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-1511 MEDIUM PATCH This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS User Registration PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-25727 MEDIUM This Month

Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-1505 MEDIUM PATCH This Month

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Ajax Product Filters PHP
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-1776 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-1300 MEDIUM PATCH This Month

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Codechecker
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-1746 MEDIUM POC This Month

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-13638 MEDIUM This Month

The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure Order Attachments For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-24318 MEDIUM This Month

Cookie policy is observable via built-in browser tools. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2024-13851 MEDIUM This Month

The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Modal Portfolio
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-0985 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54175 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1681 MEDIUM This Month

The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13796 MEDIUM PATCH This Month

The Post Grid and Gutenberg Blocks - ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Post Grid
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-24843 MEDIUM This Month

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-27408 MEDIUM PATCH This Month

Manifest offers users a one-file micro back end. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1749 MEDIUM This Month

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencart
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-1748 MEDIUM This Month

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencart
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-1747 MEDIUM This Month

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencart
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-54173 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-27414 MEDIUM PATCH This Month

MinIO is a high performance object storage. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 4.0
4.6
EPSS
0.2%
CVE-2024-10860 MEDIUM This Month

The NextMove Lite - Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Nextmove
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13716 MEDIUM This Month

The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13832 MEDIUM This Month

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Authentication Bypass Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1506 MEDIUM PATCH This Month

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Social Login And Register Social Counter PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0801 MEDIUM PATCH This Month

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ratemyagent PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27400 LOW PATCH Monitor

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Rated low severity (CVSS 2.9). No vendor patch available.

Adobe XSS
NVD GitHub
CVSS 3.1
2.9
EPSS
0.4%
CVE-2025-1795 LOW Monitor

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.3
EPSS
0.6%
CVE-2025-22272 LOW Monitor

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.1
EPSS
0.3%
CVE-2025-22274 LOW Monitor

It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.0
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy