Skip to main content
CVE-2025-5058 CRITICAL POC Act Now

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2025-4603 CRITICAL POC Act Now

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
3.0%
CVE-2025-4336 HIGH POC This Week

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress RCE File Upload
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2025-4602 MEDIUM POC This Month

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-5127 LOW POC Monitor

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-5055 MEDIUM This Month

The Smart Forms - when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-5135 MEDIUM POC Monitor

A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-5134 MEDIUM POC This Month

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5133 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5132 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5131 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2025-5130 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-5129 HIGH POC This Month

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Rated high severity (CVSS 7.3). Public exploit code available and no vendor patch available.

Information Disclosure Atrust
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-5128 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5126 HIGH POC THREAT This Month

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.9%.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
10.9%
CVE-2025-5124 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.6%
CVE-2025-4223 MEDIUM Monitor

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2025-48756 LOW POC Monitor

In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Scsir
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-48755 LOW POC Monitor

In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Spiral Rs
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-48754 LOW POC Monitor

In the memory_pages crate 0.1.0 for Rust, division by zero can occur. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Memory Pages
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-48753 LOW POC Monitor

In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Anode
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-48752 LOW POC Monitor

In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Process Sync
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-48751 LOW POC Monitor

The process_lock crate 0.1.0 for Rust allows data races in unlock. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Process Lock
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-3869 MEDIUM This Month

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13427 MEDIUM This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy