Skip to main content
CVE-2025-4602 MEDIUM POC This Month

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-5055 MEDIUM This Month

The Smart Forms - when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-5135 MEDIUM POC Monitor

A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2025-5134 MEDIUM POC This Month

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-5133 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5132 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5131 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2025-5130 MEDIUM POC This Month

A vulnerability was found in Tmall Demo up to 20250505. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Tmall Demo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-5128 MEDIUM POC This Week

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4223 MEDIUM Monitor

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including,. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2025-3869 MEDIUM This Month

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13427 MEDIUM This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy