| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72. |
| Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded.This issue affects Ads by WPQuads: from n/a through <= 2.0.84. |
| Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1. |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through <= 3.4.6. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1. |
| Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.1.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox ari-fancy-lightbox allows Stored XSS.This issue affects ARI Fancy Lightbox: from n/a through <= 1.3.17. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce cities-shipping-zones-for-woocommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through <= 1.2.7. |
| Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2. |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Essential Plugin Meta slider and carousel with lightbox meta-slider-and-carousel-with-lightbox allows Stored XSS.This issue affects Meta slider and carousel with lightbox: from n/a through <= 2.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection-subscribe-to-view allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.2.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through <= 6.3.08. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.This issue affects Fluent Support: from n/a through <= 1.8.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Cross-Site Scripting (XSS).This issue affects Livemesh Addons for Elementor: from n/a through <= 8.5. |
| Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.8.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through <= 2.13.10. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Stored XSS.This issue affects CubeWP Forms: from n/a through <= 1.1.1. |
