Skip to main content
CVE-2025-2010 HIGH POC THREAT Act Now

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.8% and no vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2021-4455 CRITICAL POC Act Now

The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2025-3820 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3803 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3802 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-13926 HIGH POC This Week

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Denial Of Service Wp Syntax
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-3800 MEDIUM POC This Month

A vulnerability has been found in WCMS 11 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3799 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WCMS 11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-3819 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Men Salon Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-1093 CRITICAL Act Now

The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2025-3278 CRITICAL Act Now

The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-3816 MEDIUM POC This Month

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cicadascms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.9%
CVE-2025-3807 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3808 MEDIUM POC This Month

A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Bbs
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3817 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0.php?f=delete_stock. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3404 HIGH This Week

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2025-3798 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in WCMS 11.php of the component Advertisement Image Handler. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload Wcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-3797 MEDIUM POC This Month

A vulnerability classified as critical was found in SeaCMS up to 13.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-3801 MEDIUM POC PATCH This Month

A vulnerability was found in songquanpeng one-api up to 0.6.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-43917 HIGH This Week

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-3103 HIGH This Week

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2111 HIGH This Week

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3809 HIGH This Week

The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-26819 LOW POC Monitor

{"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Cjson
NVD GitHub
CVSS 3.1
2.9
EPSS
0.1%
CVE-2022-47112 LOW POC Monitor

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 7 Zip
NVD GitHub
CVSS 3.1
2.5
EPSS
0.1%
CVE-2022-47111 LOW POC Monitor

7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 7 Zip
NVD GitHub
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-1457 MEDIUM This Month

The Element Pack Addons for Elementor - Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3661 MEDIUM This Month

The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3275 MEDIUM This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-43918 MEDIUM This Month

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-3818 MEDIUM This Month

A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3806 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-3805 MEDIUM This Month

A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3804 MEDIUM This Month

A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-3284 MEDIUM This Month

The User Registration & Membership - Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-30421 LOW Monitor

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
2.9
EPSS
0.1%
CVE-2025-43901 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43900 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43899 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43898 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43897 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43896 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43895 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43894 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43893 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy