Full List

Search

Recent Vulnerabilities

• CVE-2025-47534 • published on May 16, 2025 Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.
• CVE-2025-47556 • published on May 16, 2025 Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.
• CVE-2025-47557 • published on May 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG allows Stored XSS. This issue affects MapSVG: from n/a through 8.5.31.
• CVE-2025-47560 • published on May 16, 2025 Missing Authorization vulnerability in RomanCode MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a through 8.5.32.
• CVE-2025-47562 • published on May 16, 2025 Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG allows Code Injection. This issue affects MapSVG: from n/a through 8.5.34.
• CVE-2025-47563 • published on May 16, 2025 Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.
• CVE-2025-47564 • published on May 16, 2025 Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9.
• CVE-2025-47567 • published on May 16, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1.
• CVE-2025-47693 • published on May 16, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5.
• CVE-2025-48146 • published on May 16, 2025 Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
• CVE-2025-48144 • published on May 16, 2025 Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
• CVE-2025-48138 • published on May 16, 2025 Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
• CVE-2025-48137 • published on May 16, 2025 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
• CVE-2025-48136 • published on May 16, 2025 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
• CVE-2025-48135 • published on May 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0.
• CVE-2025-48134 • published on May 16, 2025 Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
• CVE-2025-48132 • published on May 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.
• CVE-2025-48131 • published on May 16, 2025 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
• CVE-2025-48128 • published on May 16, 2025 Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sharespine Woocommerce Connector: from n/a through 4.7.55.
• CVE-2025-48127 • published on May 16, 2025 Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3.