Skip to main content

PHP

24729 CVEs product

Monthly

CVE-2025-13851 CRITICAL Act Now

Privilege escalation via registration in Buyent Classified WordPress plugin.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13842 MEDIUM This Month

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titl...

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13738 MEDIUM This Month

The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13732 MEDIUM This Month

The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13617 MEDIUM This Month

Apollo13 Framework Extensions (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13612 MEDIUM This Month

Album and Image Gallery plus Lightbox (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13603 HIGH This Week

WP AUDIO GALLERY (WordPress plugin) versions up to 2.0. is affected by missing authorization (CVSS 8.8).

WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13587 MEDIUM This Month

The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. [CVSS 6.5 MEDIUM]

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-13563 CRITICAL Act Now

Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13438 MEDIUM This Month

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13413 MEDIUM This Month

Country Blocker for AdSense (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13113 MEDIUM This Month

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe us...

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13091 MEDIUM This Month

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13079 MEDIUM This Month

mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13048 MEDIUM This Month

The StatCounter - Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12975 HIGH This Week

The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]

WordPress RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-12884 MEDIUM This Month

The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12882 CRITICAL Act Now

Privilege escalation in Clasifico Listing WordPress plugin <= 2.0.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12845 HIGH This Week

The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12821 HIGH This Week

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. [CVSS 8.8 HIGH]

WordPress RCE CSRF PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12707 HIGH This Week

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-12500 MEDIUM This Month

The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the "ajax_checkout_attachment_upload" function. This makes it possible for unauthenticated attackers to upload files to the server, though file types are limited to WordPress's default allowed MIME types (i...

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12448 MEDIUM This Month

The Smartsupp - live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS AI / ML PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12375 MEDIUM This Month

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can b...

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12172 MEDIUM This Month

Mailchimp List Subscribe Form (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12117 MEDIUM This Month

The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12116 MEDIUM This Month

The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12081 MEDIUM This Month

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12027 MEDIUM This Month

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11754 HIGH This Week

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. [CVSS 7.5 HIGH]

WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-11725 MEDIUM This Month

Aruba HiSpeed Cache (WordPress plugin) versions up to 3.0.2. is affected by missing authorization (CVSS 6.5).

WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-11706 MEDIUM This Month

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-25548 CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE LFI Invoiceplane
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-27180 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP TLS RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
61.8%
Threat
5.3
CVE-2026-27179 HIGH POC This Week

Unauthenticated SQL injection in MajorDoMo's commands module allows remote attackers to extract database contents including unsalted MD5 password hashes without authentication, enabling credential compromise and admin panel access. The vulnerability stems from unsanitized $_GET parameters in SQL queries accessible via the /objects/?module=commands endpoint, and public exploit code is available. Affected versions lack a patch and impact both MajorDoMo and PHP installations running this software.

PHP SQLi Majordomo
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-27178 HIGH POC This Week

MajorDomo's shoutbox feature is vulnerable to stored XSS due to unsanitized user input in the /objects/?method= endpoint, allowing unauthenticated attackers to inject malicious scripts that persist in the database. When administrators access the auto-refreshing dashboard, the stored payload executes automatically, enabling session hijacking and cookie theft. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27177 HIGH POC This Week

MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to inject stored XSS payloads that execute when administrators access the property editor, with public exploit code available. The vulnerability is compounded by session cookies lacking HttpOnly protection, enabling attackers to enumerate properties via the /api.php/data/ endpoint and hijack admin sessions through JavaScript exfiltration.

PHP IoT XSS Majordomo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27176 MEDIUM POC This Month

Reflected XSS in MajorDoMo's command.php allows remote attackers to inject arbitrary JavaScript through an unsanitized qry parameter, affecting users who click malicious links. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27175 CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection Race Condition Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
41.7%
Threat
4.7
CVE-2026-27174 CRITICAL POC THREAT Emergency

MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
60.3%
Threat
5.3
CVE-2025-70062 MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

PHP CSRF Hospital Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70152 CRITICAL POC Act Now

SQL injection in code-projects Community Project Scholars Tracking System 1.0 admin user management. Allows database compromise via admin panel. PoC available.

PHP SQLi Scholars Tracking System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-70151 HIGH POC This Week

Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-70150 CRITICAL POC Act Now

Missing authentication in CodeAstro Membership Management System 1.0 delete_members.php allows unauthenticated deletion of member records. PoC available.

PHP Membership Management System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-70148 HIGH POC This Week

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). [CVSS 7.5 HIGH]

PHP Membership Management System
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70149 CRITICAL POC Act Now

SQL injection in CodeAstro Membership Management System 1.0 via ID parameter in print_membership_card.php enables unauthenticated database access. PoC available.

PHP SQLi Membership Management System
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-70147 HIGH POC This Week

Online Time Table Generator versions up to 1.0 is affected by missing authentication for critical function (CVSS 7.5).

PHP Online Time Table Generator
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-70141 CRITICAL POC Act Now

Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
NVD
CVSS 3.1
9.4
EPSS
0.4%
CVE-2025-65791 CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-1426 HIGH This Week

PHP Object Injection in the Advanced AJAX Product Filters plugin for WordPress (versions up to 3.1.9.6) allows authenticated authors and above to deserialize malicious objects through the Live Composer compatibility layer. While the plugin itself lacks a gadget chain for exploitation, the vulnerability can enable arbitrary file deletion, data theft, or remote code execution if a POP chain exists in installed themes or plugins. No patch is currently available, and exploitation requires valid WordPress user credentials.

WordPress PHP Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1582 LOW Monitor

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pa...

WordPress PHP Authentication Bypass Information Disclosure
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-1317 MEDIUM This Month

SQL injection in the WP Import - Ultimate CSV Importer plugin for WordPress (versions up to 7.37) allows authenticated subscribers and higher-privileged users to inject malicious SQL commands through specially crafted filenames during file uploads. When the Single Import/Export feature is enabled on PHP versions below 8.0, attackers can extract sensitive database information by exploiting insufficient input validation. The vulnerability requires valid WordPress credentials but poses a medium risk due to its direct access to database contents.

WordPress PHP SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8781 MEDIUM This Month

The Bookster - WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-14799 MEDIUM This Month

The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription form...

WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2426 MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2025-14444 MEDIUM This Month

The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13727 MEDIUM This Month

The Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-11185 MEDIUM This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2296 HIGH This Week

Arbitrary PHP code execution in Product Addons for WooCommerce plugin (versions up to 3.1.0) through unsafe use of eval() on unsanitized conditional logic operators allows Shop Manager-level and higher-privileged WordPress users to execute malicious code on affected servers. The vulnerability stems from insufficient input validation in the evalConditions() function where user-supplied operator parameters are passed directly to PHP's eval() without sanitization. No patch is currently available.

WordPress PHP Code Injection
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-2019 HIGH This Week

Cart All In One For WooCommerce (WordPress plugin) versions up to 1.1.21. contains a security vulnerability (CVSS 7.2).

WordPress PHP Code Injection
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-12356 MEDIUM This Month

The Tickera - Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12122 MEDIUM This Month

The Popup Box - Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11737 MEDIUM This Month

VK All in One Expansion Unit (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6460 MEDIUM This Month

Display During Conditional Shortcode (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13959 MEDIUM This Month

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-12075 MEDIUM This Month

The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12074 MEDIUM This Month

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-12071 MEDIUM This Month

Frontend User Notes (WordPress plugin) versions up to 2.1.0 is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12037 MEDIUM This Month

WP 404 Auto Redirect to Similar Post (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-55270 HIGH POC This Week

phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter. [CVSS 8.8 HIGH]

PHP SQLi Student Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-55271 LOW POC Monitor

Gym Management System versions up to 1.0 is affected by cross-site request forgery (csrf) (CVSS 3.5).

PHP CSRF
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-12062 HIGH This Week

The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. [CVSS 8.8 HIGH]

WordPress PHP LFI
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2560 LOW POC Monitor

OS command injection in Kodbox up to version 1.64.05 allows remote authenticated attackers to execute arbitrary commands through the localFile parameter in the Media File Preview Plugin's VideoResize class. Public exploit code exists for this vulnerability, and the vendor has not provided patches or responded to disclosure efforts. The attack requires valid credentials but does not need user interaction and can fully compromise affected systems through command execution.

PHP Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-2553 LOW Monitor

SQL injection in the Hotel-Management-System /home.php POST handler allows authenticated remote attackers to manipulate Name/Email parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based deployments with no available patch. An attacker with login credentials can leverage this flaw to read or modify sensitive database records.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2552 MEDIUM POC This Month

Path traversal in ZenTao's editor component (versions up to 21.7.8) allows authenticated attackers to manipulate the filePath parameter and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems vulnerable to unauthorized file access and potential information disclosure.

PHP Path Traversal Zentao
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-2551 LOW POC Monitor

ZenTao versions up to 21.7.8 contain a path traversal vulnerability in the backup handler that allows authenticated attackers to manipulate file parameters and access or delete arbitrary files on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed remotely without user interaction.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2543 LOW Monitor

A vulnerability was identified in vichan-devel vichan versions up to 5.1.5. contains a security vulnerability (CVSS 2.7).

PHP
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2533 MEDIUM This Month

Tosei Self-service Washing Machine 4.02 contains an unauthenticated command injection vulnerability in the adr_txt_1 parameter of /cgi-bin/tosei_datasend.php, allowing remote attackers to execute arbitrary commands with limited confidentiality, integrity, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
2.1%
CVE-2019-25377 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2019-25374 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25373 MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25372 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25371 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25370 MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2019-25369 MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2019-25368 MEDIUM POC This Month

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense Nextcloud
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8572 CRITICAL Act Now

Privilege escalation in Truelysell Core WordPress plugin <= 1.8.7. Insufficient role validation allows elevation.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1988 HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP LFI Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-6792 MEDIUM This Month

One to one user Chat by WPGuppy (WordPress plugin) is affected by missing authentication for critical function (CVSS 5.3).

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-15483 MEDIUM This Month

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation via registration in Buyent Classified WordPress plugin.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titl...

WordPress PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Apollo13 Framework Extensions (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Album and Image Gallery plus Lightbox (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

WP AUDIO GALLERY (WordPress plugin) versions up to 2.0. is affected by missing authorization (CVSS 8.8).

WordPress PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. [CVSS 6.5 MEDIUM]

WordPress Authentication Bypass PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. [CVSS 4.3 MEDIUM]

WordPress CSRF PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Country Blocker for AdSense (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe us...

WordPress Information Disclosure PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).

WordPress PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The StatCounter - Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]

WordPress RCE PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Clasifico Listing WordPress plugin <= 2.0.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. [CVSS 8.8 HIGH]

WordPress RCE CSRF +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the "ajax_checkout_attachment_upload" function. This makes it possible for unauthenticated attackers to upload files to the server, though file types are limited to WordPress's default allowed MIME types (i...

WordPress PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Smartsupp - live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS AI / ML +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can b...

WordPress SSRF PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mailchimp List Subscribe Form (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. [CVSS 7.5 HIGH]

WordPress PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Aruba HiSpeed Cache (WordPress plugin) versions up to 3.0.2. is affected by missing authorization (CVSS 6.5).

WordPress PHP
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE LFI +1
NVD GitHub
EPSS 62% 5.3 CVSS 9.8
CRITICAL POC THREAT Emergency

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method without authentication due to improper use of gr() (which reads from $_REQUEST), allowing attackers to redirect update URLs and push malicious code packages.

PHP TLS RCE +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC This Week

Unauthenticated SQL injection in MajorDoMo's commands module allows remote attackers to extract database contents including unsalted MD5 password hashes without authentication, enabling credential compromise and admin panel access. The vulnerability stems from unsanitized $_GET parameters in SQL queries accessible via the /objects/?module=commands endpoint, and public exploit code is available. Affected versions lack a patch and impact both MajorDoMo and PHP installations running this software.

PHP SQLi Majordomo
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

MajorDomo's shoutbox feature is vulnerable to stored XSS due to unsanitized user input in the /objects/?method= endpoint, allowing unauthenticated attackers to inject malicious scripts that persist in the database. When administrators access the auto-refreshing dashboard, the stored payload executes automatically, enabling session hijacking and cookie theft. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to inject stored XSS payloads that execute when administrators access the property editor, with public exploit code available. The vulnerability is compounded by session cookies lacking HttpOnly protection, enabling attackers to enumerate properties via the /api.php/data/ endpoint and hijack admin sessions through JavaScript exfiltration.

PHP IoT XSS +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Reflected XSS in MajorDoMo's command.php allows remote attackers to inject arbitrary JavaScript through an unsanitized qry parameter, affecting users who click malicious links. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP XSS Majordomo
NVD GitHub
EPSS 42% 4.7 CVSS 9.8
CRITICAL POC THREAT Emergency

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

PHP RCE Command Injection +2
NVD GitHub
EPSS 60% 5.3 CVSS 9.8
CRITICAL POC THREAT Emergency

MajorDoMo home automation platform allows unauthenticated remote code execution through the admin panel's PHP console. An include order bug in panel.class.php causes execution to continue past a redirect() call that lacks an exit statement, allowing unauthenticated requests to reach the PHP code execution functionality in inc_panel_ajax.php.

PHP RCE Majordomo
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Hospital Management System versions up to 4.0 is affected by cross-site request forgery (csrf) (CVSS 6.5).

PHP CSRF Hospital Management System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection in code-projects Community Project Scholars Tracking System 1.0 admin user management. Allows database compromise via admin panel. PoC available.

PHP SQLi Scholars Tracking System
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Scholars Tracking System versions up to 1.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

PHP RCE Scholars Tracking System
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Missing authentication in CodeAstro Membership Management System 1.0 delete_members.php allows unauthenticated deletion of member records. PoC available.

PHP Membership Management System
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). [CVSS 7.5 HIGH]

PHP Membership Management System
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection in CodeAstro Membership Management System 1.0 via ID parameter in print_membership_card.php enables unauthenticated database access. PoC available.

PHP SQLi Membership Management System
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Online Time Table Generator versions up to 1.0 is affected by missing authentication for critical function (CVSS 7.5).

PHP Online Time Table Generator
NVD
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

Incorrect access control in SourceCodester Customer Support System 1.0 allows unauthenticated access to AJAX dispatcher, enabling full system compromise. PoC available.

PHP Customer Support System
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Command injection in ZoneMinder v1.36.34 video surveillance system via web/views/image.php. Unsanitized user input enables unauthenticated remote code execution. PoC available.

PHP Command Injection Zoneminder
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the Advanced AJAX Product Filters plugin for WordPress (versions up to 3.1.9.6) allows authenticated authors and above to deserialize malicious objects through the Live Composer compatibility layer. While the plugin itself lacks a gadget chain for exploitation, the vulnerability can enable arbitrary file deletion, data theft, or remote code execution if a POP chain exists in installed themes or plugins. No patch is currently available, and exploitation requires valid WordPress user credentials.

WordPress PHP Deserialization
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pa...

WordPress PHP Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in the WP Import - Ultimate CSV Importer plugin for WordPress (versions up to 7.37) allows authenticated subscribers and higher-privileged users to inject malicious SQL commands through specially crafted filenames during file uploads. When the Single Import/Export feature is enabled on PHP versions below 8.0, attackers can extract sensitive database information by exploiting insufficient input validation. The vulnerability requires valid WordPress credentials but poses a medium risk due to its direct access to database contents.

WordPress PHP SQLi
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The Bookster - WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]

WordPress SQLi PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription form...

WordPress PHP
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary PHP code execution in Product Addons for WooCommerce plugin (versions up to 3.1.0) through unsafe use of eval() on unsanitized conditional logic operators allows Shop Manager-level and higher-privileged WordPress users to execute malicious code on affected servers. The vulnerability stems from insufficient input validation in the evalConditions() function where user-supplied operator parameters are passed directly to PHP's eval() without sanitization. No patch is currently available.

WordPress PHP Code Injection
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Cart All In One For WooCommerce (WordPress plugin) versions up to 1.1.21. contains a security vulnerability (CVSS 7.2).

WordPress PHP Code Injection
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Tickera - Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Popup Box - Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

VK All in One Expansion Unit (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Display During Conditional Shortcode (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).

WordPress XSS PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]

WordPress XSS PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. [CVSS 4.3 MEDIUM]

WordPress PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Frontend User Notes (WordPress plugin) versions up to 2.1.0 is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

WP 404 Auto Redirect to Similar Post (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).

WordPress XSS PHP
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter. [CVSS 8.8 HIGH]

PHP SQLi Student Management System
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC Monitor

Gym Management System versions up to 1.0 is affected by cross-site request forgery (csrf) (CVSS 3.5).

PHP CSRF
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. [CVSS 8.8 HIGH]

WordPress PHP LFI
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

OS command injection in Kodbox up to version 1.64.05 allows remote authenticated attackers to execute arbitrary commands through the localFile parameter in the Media File Preview Plugin's VideoResize class. Public exploit code exists for this vulnerability, and the vendor has not provided patches or responded to disclosure efforts. The attack requires valid credentials but does not need user interaction and can fully compromise affected systems through command execution.

PHP Command Injection
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in the Hotel-Management-System /home.php POST handler allows authenticated remote attackers to manipulate Name/Email parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based deployments with no available patch. An attacker with login credentials can leverage this flaw to read or modify sensitive database records.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in ZenTao's editor component (versions up to 21.7.8) allows authenticated attackers to manipulate the filePath parameter and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems vulnerable to unauthorized file access and potential information disclosure.

PHP Path Traversal Zentao
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

ZenTao versions up to 21.7.8 contain a path traversal vulnerability in the backup handler that allows authenticated attackers to manipulate file parameters and access or delete arbitrary files on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed remotely without user interaction.

PHP Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW Monitor

A vulnerability was identified in vichan-devel vichan versions up to 5.1.5. contains a security vulnerability (CVSS 2.7).

PHP
NVD GitHub VulDB
EPSS 2% CVSS 5.5
MEDIUM This Month

Tosei Self-service Washing Machine 4.02 contains an unauthenticated command injection vulnerability in the adr_txt_1 parameter of /cgi-bin/tosei_datasend.php, allowing remote attackers to execute arbitrary commands with limited confidentiality, integrity, and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP Command Injection
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.4
MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. [CVSS 6.1 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 6.4
MEDIUM POC This Month

OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. [CVSS 6.4 MEDIUM]

PHP XSS Opnsense
NVD Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. [CVSS 5.4 MEDIUM]

PHP XSS Opnsense +1
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Truelysell Core WordPress plugin <= 1.8.7. Insufficient role validation allows elevation.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP LFI +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

One to one user Chat by WPGuppy (WordPress plugin) is affected by missing authentication for critical function (CVSS 5.3).

WordPress PHP
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]

WordPress XSS PHP
NVD
Prev Page 36 of 275 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy