Full List

Search

Recent Vulnerabilities

• CVE-2025-39526 • published on April 17, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.
• CVE-2025-39527 • published on April 17, 2025 Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7.
• CVE-2025-39532 • published on April 17, 2025 Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1.
• CVE-2025-39533 • published on April 17, 2025 Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through 3.1.14.
• CVE-2025-39535 • published on April 17, 2025 Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
• CVE-2025-39542 • published on April 17, 2025 Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0.
• CVE-2025-39550 • published on April 17, 2025 Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.
• CVE-2025-39551 • published on April 17, 2025 Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.
• CVE-2025-39554 • published on April 17, 2025 Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
• CVE-2025-39558 • published on April 17, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.
• CVE-2025-39559 • published on April 17, 2025 Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.
• CVE-2025-39562 • published on April 17, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.
• CVE-2025-39567 • published on April 17, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.
• CVE-2025-39568 • published on April 17, 2025 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.
• CVE-2025-39569 • published on April 17, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.
• CVE-2025-39580 • published on April 17, 2025 Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.
• CVE-2025-39583 • published on April 17, 2025 Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.
• CVE-2025-39586 • published on April 17, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8.
• CVE-2025-39587 • published on April 17, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.
• CVE-2025-39588 • published on April 17, 2025 Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.