Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 ... 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 ... Result(s) : 325997

Alerts Feed Alerts

DATE NAME CATEGORIES DETAIL
4.3 2025-07-04 CVE-2025-5924 cve The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorre...
4.3 2025-07-04 CVE-2025-5933 cve The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation ...
8.8 2025-07-04 CVE-2025-5953 cve The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() funct...
6.5 2025-07-04 CVE-2025-5956 cve The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versi...
6.4 2025-07-04 CVE-2025-6039 cve The ProcessingJS for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pjs4wp' shortcode in all versions up to, and in...
6.1 2025-07-04 CVE-2025-6041 cve The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validatio...
8 2025-07-04 CVE-2025-6238 cve The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is...
7.2 2025-07-04 CVE-2025-6586 cve The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up t...
6.4 2025-07-04 CVE-2025-6729 cve The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status�...
6.5 2025-07-04 CVE-2025-6739 cve The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all versions up to, and including, 0.4.2 d...
7.5 2025-07-04 CVE-2025-6782 cve The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including...
7.5 2025-07-04 CVE-2025-6783 cve The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and including, 1.1.5 ...
5.3 2025-07-04 CVE-2025-6786 cve The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login ...
6.4 2025-07-04 CVE-2025-6787 cve The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions up to, and includin...
7.5 2025-07-04 CVE-2025-6814 cve The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This mak...
6.4 2025-07-04 CVE-2025-7046 cve The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin's widgets ...
3.5 2025-07-04 CVE-2025-7053 cve A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation ...
7.2 2025-07-03 CVE-2025-5322 cve The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar fu...
N/A 2025-07-03 CVE-2025-23968 cve Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through 1.8.5.
N/A 2025-07-03 CVE-2025-45809 cve BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint.
Page(s) : 1 ... 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 ... Result(s) : 325997