Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-01 | CVE-2025-4158 | A vulnerability was found in PCMan FTP Server up to 2.0.7. | 7.3 |
| 2025-05-01 | CVE-2025-4155 | Injection vulnerability in PHPgurukul Boat Booking System 1.0 A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. | 8.8 |
| 2025-05-01 | CVE-2025-4156 | Injection vulnerability in PHPgurukul Boat Booking System 1.0 A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. | 8.8 |
| 2025-05-01 | CVE-2025-3521 | The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-05-01 | CVE-2025-4100 | The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'np_marinetraffic_map' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-05-01 | CVE-2025-4153 | Injection vulnerability in PHPgurukul Park Ticketing Management System 2.0 A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. | 9.8 |
| 2025-05-01 | CVE-2025-4154 | Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. | 8.8 |
| 2025-05-01 | CVE-2024-13381 | Cross-site Scripting vulnerability in Codepeople Calculated Fields Form The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3502 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3503 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |