ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-9651 | shafhasan chatbox chat.php sql injection | E | |
CVE-2025-9650 | yeqifu carRental AppFileUtils.java removeFileByPath path traversal | E | |
CVE-2025-9649 | appneta tcpreplay send_packets.c calc_sleep_time divide by zero | E | |
CVE-2025-9647 | mtons mblog list cross site scripting | E | |
CVE-2025-9646 | O2OA calendarConfig cross site scripting | E | |
CVE-2025-9645 | itsourcecode Apartment Management System r_all_info.php sql injection | E | |
CVE-2025-9644 | itsourcecode Apartment Management System bill_setup.php sql injection | E | |
CVE-2025-9643 | itsourcecode Apartment Management System utility_bill_setup.php sql injection | E | |
CVE-2025-40709 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40708 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40707 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40706 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40705 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40704 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40703 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-40702 | Cross-Site Scripting (XSS) vulnerability in OpenAtlas by ACDH-CH | S | |
CVE-2025-9217 | Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' | | |
CVE-2024-13342 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | | |
CVE-2025-4644 | User Session Fixation after Account Removal in PayloadCMS | | |
CVE-2025-4643 | Lack of JWT Expiration after Log Out in PayloadCMS | | |
CVE-2025-9071 | Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto | | |
CVE-2025-7383 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library | S | |
CVE-2025-7071 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library | S | |
CVE-2025-8150 | Events Addon for Elementor <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets | | |
CVE-2024-13987 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability i... | | |
CVE-2025-54777 | Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is import... | | |
CVE-2025-9441 | iATS Online Forms <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter | | |
CVE-2025-8290 | List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter | | |
CVE-2025-8619 | OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL | | |
CVE-2025-9374 | Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery | | |
CVE-2025-8147 | LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function | | |
CVE-2025-53508 | Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploite... | | |
CVE-2025-53507 | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulne... | | |
CVE-2025-9619 | E4 Sistemas Mercatus ERP id resource injection | | |
CVE-2025-9639 | Ai3|QbiCRMGateway - Arbitrary File Reading through Path Traversal | S | |
CVE-2025-8858 | Changing|Clinic Image System - SQL Injection | S | |
CVE-2025-8857 | Changing|Clinic Image System - Use of Hard-coded Credentials | S | |
CVE-2025-9610 | code-projects Online Event Judging System create_account.php sql injection | E | |
CVE-2025-9609 | Portabilis i-Educar consulta improper authorization | E | |
CVE-2025-8861 | Changing|TSA - Missing Authentication | S | |
CVE-2025-9608 | Portabilis i-Educar Formula de Cálculo de Média view sql injection | E | |
CVE-2025-9607 | Portabilis i-Educar Tabelas de Arredondamento view sql injection | E | |
CVE-2025-9606 | Portabilis i-Educar agenda_preferencias.php sql injection | E | |
CVE-2025-9605 | Tenda AC21/AC23 GetParentControlInfo stack-based overflow | E | |
CVE-2025-58323 | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to ... | | |
CVE-2025-39247 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow ... | | |
CVE-2025-39246 | There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allo... | | |
CVE-2025-39245 | There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an ... | | |
CVE-2025-9604 | coze-studio aes.go hard-coded key | S | |
CVE-2025-9603 | Telesquare TLR-2005KSH internet.cgi command injection | E | |
CVE-2025-9602 | Xinhu RockOA index.php publicsaveAjax improper authorization | E | |
CVE-2025-9601 | itsourcecode Apartment Management System employee_salary_setup.php sql injection | E | |
CVE-2025-9600 | itsourcecode Apartment Management System member_type_setup.php sql injection | E | |
CVE-2025-9599 | itsourcecode Apartment Management System month_setup.php sql injection | E | |
CVE-2024-54554 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15... | | |
CVE-2025-43187 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7... | | |
CVE-2025-43284 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2024-54568 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Pa... | | |
CVE-2024-44271 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may ... | | |
CVE-2025-43268 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2025-43255 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sono... | | |
CVE-2025-40927 | CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw | S | |
CVE-2025-9598 | itsourcecode Apartment Management System year_setup.php sql injection | E | |
CVE-2025-9597 | itsourcecode Apartment Management System rented_all_info.php sql injection | E | |
CVE-2025-54142 | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an enti... | | |
CVE-2025-9596 | itsourcecode Sports Management System login.php sql injection | E | |
CVE-2025-9595 | code-projects Student Information Management System login.php cross site scripting | E | |
CVE-2025-48979 | An Improper Input Validation in UISP Application could allow a Command Injection by a malicious acto... | | |
CVE-2025-9594 | itsourcecode Apartment Management System complain_info.php sql injection | E | |
CVE-2025-9593 | itsourcecode Apartment Management System unit_status_info.php sql injection | E | |
CVE-2025-58062 | LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow | | |
CVE-2025-58061 | OpenEBS Local PV RawFile persistent volume data is world readable | | |
CVE-2025-9592 | itsourcecode Apartment Management System bill_info.php sql injection | E | |
CVE-2025-9591 | ZrLog Theme Configuration Form config cross site scripting | E | |
CVE-2025-58058 | github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives | | |
CVE-2025-9590 | Weaver E-Mobile Mobile Management Platform cross site scripting | E | |
CVE-2025-9589 | Cudy WR1200EA shadow default password | E | |
CVE-2025-9586 | Comfast CF-N1 webmgnt wireless_device_dissoc command injection | E | |
CVE-2025-9585 | Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection | E | |
CVE-2025-9584 | Comfast CF-N1 webmgnt update_interface_png command injection | E S | |
CVE-2025-9583 | Comfast CF-N1 webmgnt ping_config command injection | E | |
CVE-2025-6203 | Vault unauthenticated denial of service through complex json payload | | |
CVE-2025-9582 | Comfast CF-N1 webmgnt ntp_timezone command injection | E | |
CVE-2025-9581 | Comfast CF-N1 webmgnt multi_pppoe command injection | E | |
CVE-2025-9580 | LB-LINK BL-X26 HTTP set_blacklist os command injection | E | |
CVE-2025-9579 | LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection | E | |
CVE-2025-9577 | TOTOLINK X2000R Administrative shadow.sample default credentials | E | |
CVE-2025-31971 | AIML Solutions for HCL SX is susceptible to a URL validation vulnerability | | |
CVE-2025-9576 | seeedstudio ReSpeaker Administrative shadow default credentials | E | |
CVE-2025-9575 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection | E | |
CVE-2025-9195 | Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local ... | | |
CVE-2025-58059 | Valtimo scripting engine can be used to gain access to sensitive data or resources | | |
CVE-2025-58049 | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses | | |
CVE-2025-58048 | Paymenter Vulnerable to Remote Code Execution via Public File Uploads | | |
CVE-2025-58047 | Volto affected by possible DoS by invoking specific URL by anonymous user | | |
CVE-2025-31979 | A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix Service Management (SM) | | |
CVE-2025-31977 | A cryptographic weakness has been identified in the HCL BigFix Service Management (SM) | | |
CVE-2025-31972 | HCL BigFix Service Management (SM) is affected by a Sensitive Information Exposure vulnerability | | |
CVE-2025-58335 | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 25... | | |
CVE-2025-58334 | In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions... | | |
CVE-2025-57819 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | | |
CVE-2025-57759 | Contao has improper privilege management for page and article fields | | |
CVE-2025-57758 | Contao has improper access control in the back end voters | | |
CVE-2025-57757 | Contao discloses information in the news module | | |
CVE-2025-57756 | Contao discloses sensitive information in the front end search index | | |
CVE-2025-25010 | Kibana privilege escalation via reporting_user role | | |
CVE-2024-13986 | Nagios XI Authenticated Arbitrary File Upload Path Traversal RCE | E S | |
CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | | |
CVE-2025-54995 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | | |
CVE-2024-48908 | lychee-action vulnerable to arbitrary code injection in composite action | | |
CVE-2025-8067 | Udisks: out-of-bounds read in udisks daemon | M | |
CVE-2024-49790 | IBM Watson Studio on Cloud Pak for Data cross-site scripting | S | |
CVE-2025-9578 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2025-58127 | Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange | | |
CVE-2025-58126 | Lack of TLS validation in plugin VMware vSAN on Checkmk Exchange | | |
CVE-2025-58125 | Lack of TLS validation in plugin Freebox v6 agent on Checkmk Exchange | | |
CVE-2025-58124 | Lack of TLS validation in plugin check-mk-api on Checkmk Exchange | | |
CVE-2025-58123 | Lack of TLS validation in plugin BGP Monitoring on Checkmk Exchange | | |
CVE-2025-54742 | WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability | S | |
CVE-2025-54738 | WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability | S | |
CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability | S | |
CVE-2025-54733 | WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability | S | |
CVE-2025-54731 | WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-54725 | WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability | S | |
CVE-2025-54724 | WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-54720 | WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability | S | |
CVE-2025-54716 | WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability | S | |
CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability | S | |
CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability | S | |
CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability | S | |
CVE-2025-53588 | WordPress UPC/EAN/GTIN Code Generator Plugin <= 2.0.2 - Arbitrary File Deletion Vulnerability | S | |
CVE-2025-53584 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability | S | |
CVE-2025-53583 | WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-53579 | WordPress Captcha.eu Plugin < 1.0.61 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-53578 | WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability | S | |
CVE-2025-53576 | WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability | S | |
CVE-2025-53572 | WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability | S | |
CVE-2025-53337 | WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability | | |
CVE-2025-53334 | WordPress Jannah Theme <= 7.4.1 - Local File Inclusion Vulnerability | | |
CVE-2025-53328 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin <= 19.11.0 - Local File Inclusion Vulnerability | | |
CVE-2025-53326 | WordPress Gutenify Plugin <= 1.5.6 - Local File Inclusion Vulnerability | | |
CVE-2025-53289 | WordPress Theme Blvd Widget Areas Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53250 | WordPress Chartbeat Plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-53248 | WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability | | |
CVE-2025-53247 | WordPress BlogMarks Theme <= 1.0.8 - Local File Inclusion Vulnerability | | |
CVE-2025-53244 | WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability | | |
CVE-2025-53243 | WordPress Employee Directory – Staff Listing & Team Directory Plugin for WordPress Plugin <= 4.5.3 - PHP Object Injection Vulnerability | | |
CVE-2025-53230 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability | | |
CVE-2025-53227 | WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability | | |
CVE-2025-53225 | WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53224 | WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53223 | WordPress Theme Switcher Reloaded Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53220 | WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-53216 | WordPress Glamer Theme <= 1.0.2 - Local File Inclusion Vulnerability | | |
CVE-2025-53215 | WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-52761 | WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability | | |
CVE-2025-49407 | WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2025-49405 | WordPress Houzez Theme <= 4.1.1 - Local File Inclusion Vulnerability | S | |
CVE-2025-49404 | WordPress Listeo-Core Plugin <= 1.9.32 - SQL Injection Vulnerability | | |
CVE-2025-49402 | WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability | S | |
CVE-2025-49388 | WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability | S | |
CVE-2025-49387 | WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability | S | |
CVE-2025-49383 | WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability | S | |
CVE-2025-48365 | WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48364 | WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability | | |
CVE-2025-48363 | WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-48362 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-48361 | WordPress Hesabfa Accounting plugin <= 2.2.4 - Sensitive Data Exposure via Log File vulnerability | | |
CVE-2025-48360 | WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48359 | WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48358 | WordPress Risk Free Cash On Delivery (COD) – WooCommerce plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48357 | WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability | | |
CVE-2025-48356 | WordPress Kanpress plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48354 | WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48353 | WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48352 | WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48351 | WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48350 | WordPress AutoWP plugin <= 2.2.2 - Broken Access Control vulnerability | | |
CVE-2025-48349 | WordPress Video Gallery – Vimeo and YouTube Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48348 | WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability | | |
CVE-2025-48347 | WordPress bxSlider integration for WordPress plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48343 | WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48327 | WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability | | |
CVE-2025-48325 | WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48324 | WordPress tli.tl auto Twitter poster plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48323 | WordPress Advance Food Menu plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48322 | WordPress Statify Widget plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48321 | WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-48320 | WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability | | |
CVE-2025-48319 | WordPress Mesa Mesa Reservation Widget plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48318 | WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
CVE-2025-48316 | WordPress Responsive Mobile-Friendly Tooltip plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48315 | WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48314 | WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48313 | WordPress Tripadvisor Shortcode plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48312 | WordPress WPAvatar plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-48311 | WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-48310 | WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-48309 | WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability | | |
CVE-2025-48308 | WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |