Skip to main content
CVE-2025-5367 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2018-25111 MEDIUM POC PATCH This Month

django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Django Helpdesk
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-5383 MEDIUM POC This Month

A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yifang
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-4590 MEDIUM This Month

The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5285 MEDIUM This Month

The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5016 MEDIUM This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2025-5390 MEDIUM This Month

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5389 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5388 MEDIUM This Month

A vulnerability classified as critical was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5387 MEDIUM This Month

A vulnerability classified as critical has been found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5386 MEDIUM This Month

A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5385 MEDIUM This Month

A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-5384 MEDIUM This Month

A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5381 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Yifang
NVD VulDB
CVSS 4.0
5.1
EPSS
1.3%
CVE-2025-5380 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5379 MEDIUM This Month

A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5378 MEDIUM This Month

A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ishare Maps
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5377 MEDIUM This Month

A vulnerability was found in Astun Technology iShare Maps 5.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ishare Maps
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5376 MEDIUM POC This Week

A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4857 HIGH PATCH This Month

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure PHP RCE WordPress Path Traversal +1
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-4691 MEDIUM PATCH This Month

The Free Booking Plugin for Hotels, Restaurants and Car Rentals - eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Easync PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5375 MEDIUM POC This Month

A vulnerability was found in PHPGurukul HPGurukul Online Birth Certificate System 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5374 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5373 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-5371 MEDIUM POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-5290 MEDIUM This Month

The Borderless - Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-3813 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Royal Elementor Addons PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-5292 MEDIUM This Month

The Element Pack Addons for Elementor - Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4672 HIGH This Month

The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-4631 CRITICAL This Week

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-4607 CRITICAL This Week

The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-4595 MEDIUM This Month

The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-4103 HIGH This Month

The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5370 MEDIUM POC This Week

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi News Portal Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5369 MEDIUM POC This Week

A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Display Username After Login
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-5368 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Daily Expense Tracker System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5365 MEDIUM POC This Week

A vulnerability was found in Campcodes Online Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy