Latest CVE Feed
-
5.3
MEDIUMCVE-2025-58797
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-48102
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership allows Stored XSS. This issue affects GoUrl Bitcoin Payment Gateway & Paid ... Read more
Affected Products : gourl- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
3.8
LOWCVE-2025-58827
Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects Job Board Manager: from n/a through 2.1.61.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-58809
Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through 2.7.3.9.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.9
MEDIUMCVE-2025-58821
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever WP Notification Bell allows Stored XSS. This issue affects WP Notification Bell: from n/a through 1.4.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-58852
Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager allows Stored XSS. This issue affects MSTW League Manager: from n/a through 2.10.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-58878
Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product allows Cross Site Request Forgery. This issue affects Woocommerce Gifts Product: from n/a through 1.0.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.9
MEDIUMCVE-2025-58884
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Drago vipdrv allows Stored XSS. This issue affects vipdrv: from n/a through 1.0.3.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58868
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simasicher SimaCookie allows Stored XSS. This issue affects SimaCookie: from n/a through 1.3.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58880
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reubenthiessen Translate This gTranslate Shortcode allows Stored XSS. This issue affects Translate This gTranslate Shortcode: from n/a through 1.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58864
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamroody 金数据 allows Stored XSS. This issue affects 金数据: from n/a through 1.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58863
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SdeWijs Zoomify embed for WP allows Stored XSS. This issue affects Zoomify embed for WP: from n/a through 1.5.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-58839
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu allows Object Injection. This issue affects eDS Responsive Menu: from n/a through 1.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-58836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tikolan FW Anker allows Stored XSS. This issue affects FW Anker: from n/a through 1.2.6.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58834
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io allows DOM-Based XSS. This issue affects short.io: from n/a through 2.4.0.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-58826
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Mann WP Publication Archive allows Stored XSS. This issue affects WP Publication Archive : from n/a through 3.0.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-58824
Missing Authorization vulnerability in webriti Shk Corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through 2.4.1.1.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-58817
Missing Authorization vulnerability in DesertThemes SoftMe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through 1.1.24.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-58815
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through 2.0.2.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-58796
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dudaster Elementor Element Condition allows Stored XSS. This issue affects Elementor Element Condition: from n/a through 1.0.5.... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting