VUMETRIC
CYBER PORTAL
Vulnerabilities
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-03
CVE-2025-4172
The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-03
CVE-2025-4188
The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.
network
low complexity
CWE-352
6.1
6.1
2025-05-03
CVE-2025-4198
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1.
network
low complexity
CWE-352
6.1
6.1
2025-05-03
CVE-2025-4199
The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02.
network
low complexity
CWE-352
6.1
6.1
2025-05-02
CVE-2025-4214
Injection vulnerability in PHPgurukul Online DJ Booking Management System 1.0
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0 and classified as critical.
network
low complexity
phpgurukul
CWE-74
critical
9.8
9.8
2025-05-02
CVE-2025-4213
Injection vulnerability in PHPgurukul Online Birth Certificate System 1.0
A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical.
network
low complexity
phpgurukul
CWE-74
critical
9.8
9.8
2025-05-02
CVE-2025-4210
A vulnerability classified as critical was found in Casdoor up to 1.811.0.
network
low complexity
CWE-639
7.3
7.3
2025-05-02
CVE-2025-2605
OS Command Injection vulnerability in Honeywell Mb-Secure Firmware and Mb-Secure PRO Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse.
network
low complexity
honeywell
CWE-78
8.8
8.8
2025-05-02
CVE-2025-4204
The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-05-02
CVE-2025-2421
Code Injection vulnerability in Felisify Sambabox
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.
network
low complexity
felisify
CWE-94
critical
9.8
9.8