The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-37308 - The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escapin...
    Published: June 13, 2024; 10:15:12 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-31378 - Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.
    Published: April 15, 2024; 7:15:09 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-8787 - The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This mak...
    Published: October 15, 2024; 10:15:06 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-7624 - The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a user's capabilities before allowing them to enable access...
    Published: August 14, 2024; 11:15:05 PM -0400

  • CVE-2024-7356 - The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possi...
    Published: August 03, 2024; 6:15:51 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-1860 - The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in ...
    Published: February 28, 2024; 5:15:09 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2018-19873 - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
    Published: December 26, 2018; 4:29:02 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2024-1516 - The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenti...
    Published: February 28, 2024; 4:15:43 AM -0500

  • CVE-2025-24596 - Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7.
    Published: January 24, 2025; 1:15:36 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-24644 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoi...
    Published: January 24, 2025; 1:15:38 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-0803 - A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid...
    Published: January 28, 2025; 9:15:27 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-0806 - A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scrip...
    Published: January 28, 2025; 10:15:06 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-1368 - The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthentica...
    Published: February 28, 2024; 4:15:42 AM -0500

  • CVE-2022-21882 - Win32k Elevation of Privilege Vulnerability
    Published: January 11, 2022; 4:15:11 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2025-24598 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
    Published: February 04, 2025; 10:15:23 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-24559 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
    Published: February 03, 2025; 10:15:25 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-22303 - Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0.
    Published: January 07, 2025; 6:15:14 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-21408 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
    Published: February 06, 2025; 6:15:09 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-49311 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS. This issue affects Edwiser Bridge: from n/a through 3.0.7.
    Published: October 17, 2024; 3:15:24 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-49312 - Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.7.
    Published: October 17, 2024; 2:15:14 PM -0400

    V3.1: 8.6 HIGH

Created September 20, 2022; Updated August 27, 2024