Skip to main content
CVE-2025-2010 HIGH POC THREAT Act Now

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.8% and no vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2025-3820 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3803 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-3802 HIGH POC This Week

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W12 Firmware I24 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-13926 HIGH POC This Week

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Denial Of Service Wp Syntax
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-3404 HIGH This Week

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2025-43917 HIGH This Week

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-3103 HIGH This Week

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-2111 HIGH This Week

The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3809 HIGH This Week

The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy