Latest CVE Feed
-
7.1
HIGHCVE-2025-28964
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-28958
Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.4
HIGHCVE-2025-28954
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-28952
Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-28950
Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-28948
Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4.... Read more
Affected Products : mediabay_-_wordpress_media_library_folders- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-27360
Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-27359
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-27334
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-26593
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.6
HIGHCVE-2025-26590
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-24778
Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-24776
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-24772
Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-24763
Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-24762
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-23971
Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-23969
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Information Disclosure
-
7.6
HIGHCVE-2023-26003
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2023-26002
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authorization