Latest CVE Feed
-
4.4
MEDIUMCVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more
Affected Products : all-in-one_wp_migration- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-57813
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. A... Read more
Affected Products :- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-6366
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile() funct... Read more
Affected Products : event_list- Published: Aug. 26, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-49039
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View allows Stored XSS.This issue affects Link View: from n/a through 0.8.0.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-49035
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2.... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Cross-Site Scripting