Latest CVE Feed
-
6.4
MEDIUMCVE-2025-13747
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products : newstatpress- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-14391
The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugi... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-13660
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2024-58306
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interru... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Denial of Service