Skip to main content
CVE-2025-62044 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.10.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62032 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62030 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-62012 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.10.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-62011 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.10.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-59392 MEDIUM This Month

On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G5Dfr Firmware
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-22288 MEDIUM Monitor

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.17.0. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-36054 MEDIUM PATCH This Month

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Process Federation Server
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-11268 MEDIUM Monitor

The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-12360 MEDIUM Monitor

The Better Find and Replace - AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10259 MEDIUM This Month

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12471 MEDIUM This Month

The Hubbub Lite - Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-61994 MEDIUM Monitor

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-12563 MEDIUM Monitor

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11271 MEDIUM This Month

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-10691 MEDIUM Monitor

The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10683 MEDIUM Monitor

The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-64114 MEDIUM POC PATCH This Week

ClipBucket v5 is an open source video sharing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Clipbucket
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy