Skip to main content
CVE-2025-2322 MEDIUM POC This Month

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2334 MEDIUM POC This Month

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-2321 MEDIUM POC This Month

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2323 MEDIUM POC This Month

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Springboot Openai Chatgpt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-2025 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Givewp PHP
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12336 MEDIUM This Month

The WC Affiliate - A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2267 MEDIUM This Month

The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1670 MEDIUM This Month

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1669 MEDIUM This Month

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26924 MEDIUM This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection.4.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26895 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS.DownloadList: from n/a through 0.19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-26899 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce allows Cross Site Request Forgery.0.43. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-25225 MEDIUM This Month

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Hikashop Joomla
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-26940 MEDIUM This Month

Path Traversal vulnerability in NotFound Pie Register Premium.8.3.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-2164 MEDIUM This Month

The pixelstats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' and 'sortby' parameters in all versions up to, and including, 0.8.2 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Pixelstats PHP
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2025-1773 MEDIUM This Month

The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Traveler PHP
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-2163 MEDIUM This Month

The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS Zoorum Comments PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-25222 MEDIUM This Month

The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Thumbnail Carousel Slider
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2025-1668 MEDIUM This Month

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1530 MEDIUM PATCH This Month

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Tripetto PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1057 MEDIUM PATCH This Month

A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy