Total
299023 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7197 | 1 Corbyboy | 1 Marketing Twitter Bot | 2025-06-11 | N/A | 7.1 HIGH |
| The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||
| CVE-2024-0852 | 1 Dev4press | 1 Coreactivity | 2025-06-11 | N/A | 6.1 MEDIUM |
| The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin | |||||
| CVE-2024-10009 | 1 Melapress | 1 Melapress File Monitor | 2025-06-11 | N/A | 4.1 MEDIUM |
| The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2023-2334 | 2 Gsheetconnector, Westerndeal | 2 Edd Gsheetconnector, Easy Digital Downloads Google Sheet Connector | 2025-06-11 | N/A | 5.4 MEDIUM |
| The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack | |||||
| CVE-2023-6030 | 1 Deryckoe | 1 Logdash Activity Log | 2025-06-11 | N/A | 5.4 MEDIUM |
| The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL injection vulnerability which can be exploited using time-based technique by unauthenticated attacker | |||||
| CVE-2023-6541 | 1 Wphelpline | 1 Allow Svg | 2025-06-11 | N/A | 6.1 MEDIUM |
| The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
| CVE-2023-6783 | 1 Wolfnettech | 1 Wolfnet Idx For Wordpress | 2025-06-11 | N/A | 4.8 MEDIUM |
| The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-45510 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability. | |||||
| CVE-2023-6786 | 1 Hkdigitalagency | 1 Payment Gateway For Telcell | 2025-06-11 | N/A | 6.1 MEDIUM |
| The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue | |||||
| CVE-2025-43925 | 1 Unicomsi | 1 Focal Point | 2025-06-11 | N/A | 4.6 MEDIUM |
| An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | |||||
| CVE-2025-23095 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23096 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23101 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23106 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-29093 | 1 Motivian | 1 Content Management System | 2025-06-11 | N/A | 8.2 HIGH |
| File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component. | |||||
| CVE-2025-29094 | 1 Motivian | 1 Content Management System | 2025-06-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components. | |||||
| CVE-2022-3836 | 1 Seedwebs | 1 Seed Social | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-1617 | 1 Usabilitydynamics | 1 Wp-invoice | 2025-06-11 | N/A | 6.1 MEDIUM |
| The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them | |||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 313 Http Server, Opensearch Data Prepper, Apisix and 310 more | 2025-06-11 | N/A | 7.5 HIGH |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
| CVE-2024-12722 | 1 Mohsinrasool | 1 Twitter Bootstrap Collapse Aka Accordian Shortcode | 2025-06-11 | N/A | 5.4 MEDIUM |
| The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||