| Page(s) : 1 ... 731 732 733 734 735 736 737 738 739 740 [741] 742 743 744 745 746 747 748 749 750 751 ... | Result(s) : 300013 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 6.1 | 2025-03-14 | CVE-2025-2166 | cve | The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg with... |
| 8.8 | 2025-03-14 | CVE-2024-13376 | cve | The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_to... |
| 8.8 | 2025-03-14 | CVE-2024-13913 | cve | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due... |
| 8.1 | 2025-03-14 | CVE-2025-0952 | cve | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missi... |
| 7.5 | 2025-03-14 | CVE-2025-1764 | cve | The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due ... |
| 8.8 | 2025-03-14 | CVE-2025-2103 | cve | The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMus... |
| 8.8 | 2025-03-14 | CVE-2025-2289 | cve | The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, an... |
| 9.8 | 2025-03-14 | CVE-2024-13824 | cve | The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untru... |
| 7.5 | 2025-03-14 | CVE-2025-2221 | cve | The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient es... |
| 9.8 | 2025-03-14 | CVE-2024-13321 | cve | The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient auth... |
| 6.5 | 2025-03-14 | CVE-2024-13407 | cve | The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on w... |
| 5.4 | 2025-03-14 | CVE-2025-1526 | cve | The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and i... |
| N/A | 2025-03-14 | CVE-2024-8176 | cve | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nes... |
| 5.3 | 2025-03-14 | CVE-2025-1507 | cve | The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() fu... |
| N/A | 2025-03-14 | CVE-2024-26006 | cve | An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and F... |
| N/A | 2025-03-14 | CVE-2024-55549 | cve | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. |
| N/A | 2025-03-14 | CVE-2025-24855 | cve | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNu... |
| N/A | 2025-03-14 | CVE-2025-26163 | cve | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter. |
| N/A | 2025-03-14 | CVE-2025-30022 | cve | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter. |
| N/A | 2025-03-13 | CVE-2025-1266 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Page(s) : 1 ... 731 732 733 734 735 736 737 738 739 740 [741] 742 743 744 745 746 747 748 749 750 751 ... | Result(s) : 300013 |
