Skip to main content
CVE-2025-4723 MEDIUM POC This Week

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4722 MEDIUM POC This Week

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4721 MEDIUM POC This Week

A vulnerability was found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4720 MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4719 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4718 MEDIUM POC This Week

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-1138 MEDIUM Monitor

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4717 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Company Visitor Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Company Visitor Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4716 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4715 MEDIUM POC This Week

A vulnerability was found in Campcodes Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-47789 MEDIUM PATCH This Month

Horilla is a free and open source Human Resource Management System (HRMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Horilla
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-47784 MEDIUM PATCH This Month

Emlog is an open source website building system. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Emlog
NVD GitHub
CVSS 4.0
6.6
EPSS
0.8%
CVE-2025-46834 MEDIUM This Month

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.6
EPSS
0.4%
CVE-2025-2203 MEDIUM POC This Month

The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Funnel Builder PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-1454 MEDIUM POC This Month

The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Pages PHP
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-1289 MEDIUM POC Monitor

The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Plugin Oficial PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-1288 MEDIUM POC This Month

The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF XSS Wooexim PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-1286 MEDIUM POC This Month

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Download Html Tinymce Button PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-1033 MEDIUM POC Monitor

The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Badgearoo PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0688 MEDIUM POC This Month

The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spiritual Gifts Survey And Optional S H A P E Survey PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0687 MEDIUM POC This Month

The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spiritual Gifts Survey And Optional S H A P E Survey PHP
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-0329 MEDIUM POC Monitor

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot PHP
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9882 MEDIUM POC Monitor

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-9879 MEDIUM POC This Month

The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Melapress File Monitor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9838 MEDIUM POC This Month

The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Auto Affiliate Links
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-9711 MEDIUM POC This Month

The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ekc Tournament Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9709 MEDIUM POC This Month

The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ekc Tournament Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9663 MEDIUM POC This Month

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cyan Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9662 MEDIUM POC This Month

The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cyan Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9645 MEDIUM POC This Month

The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9599 MEDIUM POC This Month

The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-9390 MEDIUM POC Monitor

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Registrationmagic
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9236 MEDIUM POC Monitor

The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Team Wordpress Team Members Showcase
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9233 MEDIUM POC Monitor

The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Logo Slider
NVD WPScan
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-9227 MEDIUM POC Monitor

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Powerpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-9182 MEDIUM POC Monitor

The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maspik
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8854 MEDIUM POC This Month

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Polls Cp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-8851 MEDIUM POC This Month

The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Polls Cp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-8759 MEDIUM POC Monitor

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nested Pages
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8703 MEDIUM POC This Month

The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Z Downloads
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8702 MEDIUM POC Monitor

The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup Database
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8701 MEDIUM POC Monitor

The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Events Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8670 MEDIUM POC Monitor

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8620 MEDIUM POC Monitor

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8619 MEDIUM POC Monitor

The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-8618 MEDIUM POC Monitor

The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagelayer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8617 MEDIUM POC Monitor

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8542 MEDIUM POC Monitor

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-8493 MEDIUM POC Monitor

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Events Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-8492 MEDIUM POC Monitor

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hustle
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy