Skip to main content
CVE-2025-52790 HIGH This Week

CVE-2025-52790 is a CSRF vulnerability in the r-win WP-DownloadCounter WordPress plugin (versions through 1.01) that enables Stored XSS attacks. An attacker can craft malicious requests that, when clicked by an administrator, inject persistent JavaScript into the plugin's data storage, affecting all site visitors. The CVSS 7.1 score reflects moderate severity with network-based attack delivery and user interaction requirements, though the actual exploitability and active exploitation status require verification against KEV and EPSS data.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52789 HIGH This Week

A cross-site scripting vulnerability in George Lewe Lewe ChordPress allows Stored XSS (CVSS 7.1). High severity vulnerability requiring prompt remediation.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52784 HIGH This Week

CVE-2025-52784 is a Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post that enables Stored XSS attacks, affecting versions through 1.1.1. An unauthenticated attacker can craft malicious requests to inject persistent JavaScript payloads that execute in victims' browsers when they view affected content, potentially leading to session hijacking, credential theft, or defacement. The vulnerability has a CVSS score of 7.1 (High) with network-based attack vector and low complexity, indicating moderate real-world risk.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52783 HIGH This Week

A remote code execution vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS (CVSS 7.1). High severity vulnerability requiring prompt remediation.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52781 HIGH This Week

CVE-2025-52781 is a Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav versions up to 1.4 that enables Stored XSS attacks. An unauthenticated attacker can craft malicious requests to inject persistent JavaScript payloads into the application, which are then executed in the browsers of other users who interact with the compromised content. With a CVSS score of 7.1 and network-based attack vector requiring only user interaction, this vulnerability poses a moderate-to-significant risk to affected deployments, particularly if actively exploited in the wild or publicly disclosed with proof-of-concept code.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52780 HIGH This Week

CVE-2025-52780 is a CSRF vulnerability in Mohammad Parsa Logo Manager For Samandehi (versions through 0.5) that enables Stored XSS attacks, allowing unauthenticated attackers to perform unauthorized actions and inject malicious scripts affecting other users. The vulnerability has a CVSS score of 7.1 (High) and exploits weak CSRF protections in an admin/management plugin, with the attack requiring user interaction (UI:R) but affecting multiple users via stored payload persistence.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52772 HIGH This Week

CVE-2025-52772 is a CSRF vulnerability in Adnan Haque's Virtual Moderator plugin (versions through 1.4) that enables Cross-Site Scripting (XSS) attacks. An unauthenticated attacker can exploit this via a malicious webpage to perform unauthorized actions and inject malicious scripts, potentially compromising user sessions and data. With a CVSS score of 7.1 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate-to-significant risk to affected installations, though exploitation requires social engineering to trick users into visiting attacker-controlled sites.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52795 HIGH This Week

CVE-2025-52795 is a Cross-Site Request Forgery (CSRF) vulnerability in the aharonyan WP Front User Submit / Front Editor WordPress plugin (versions up to 4.9.4) that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users. The vulnerability has a CVSS score of 7.1 with high availability impact, enabling attackers to modify or delete user-submitted content through malicious web requests without user consent.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-4025 MEDIUM PATCH This Month

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50034 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in Mahmudul (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52733 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through 1.7.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirelightWP Firelight Lightbox allows Stored XSS. This issue affects Firelight Lightbox: from n/a through 2.3.16.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50051 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS.This issue affects WP-Members: from n/a through 3.5.4.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50050 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50049 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50048 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50047 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50046 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50045 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2.

WordPress XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50043 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50042 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through 3.6.1.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50041 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks - ACF Blocks Suite allows Stored XSS. This issue affects Gutenberg Blocks - ACF Blocks Suite: from n/a through 2.6.11.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50038 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor allows Stored XSS. This issue affects Anant Addons for Elementor: from n/a through 1.2.0.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50037 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50035 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 3.0.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50033 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Fitness Park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through 1.1.1.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50030 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Spark Multipurpose allows DOM-Based XSS. This issue affects Spark Multipurpose: from n/a through 1.0.7.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50044 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50036 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv allows Cross Site Request Forgery. This issue affects Mailing Group Listserv: from n/a through 3.0.5.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6257 MEDIUM This Month

The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-52713 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid - Visual Drag and Drop Editor: from n/a through 1.27.8.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-6299 LOW POC Monitor

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD VulDB
CVSS 4.0
2.0
EPSS
1.7%
CVE-2025-48058 MEDIUM PATCH This Month

PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking - even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.

Denial Of Service
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-6329 LOW POC Monitor

A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP Authentication Bypass
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6341 LOW POC Monitor

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6351 LOW POC Monitor

A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6346 LOW POC Monitor

A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6333 LOW POC Monitor

A vulnerability, which was classified as critical, was found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6332 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /admin/manage-directory.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6331 LOW POC Monitor

A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6321 LOW POC Monitor

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6320 LOW POC Monitor

A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6319 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. This issue affects some unknown processing of the file /admin/add-teacher.php. The manipulation of the argument tsubject leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6309 LOW POC Monitor

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6308 LOW POC Monitor

A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6335 LOW POC Monitor

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-6353 LOW POC Monitor

A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6345 LOW POC Monitor

A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6340 LOW POC Monitor

A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6193 MEDIUM PATCH This Month

A command injection vulnerability was discovered in the TrustyAI Explainability toolkit.

Command Injection Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy