Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-07 | CVE-2025-47550 | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16. | 7.2 |
| 2025-05-07 | CVE-2025-47612 | Missing Authorization vulnerability in Flowdee Clickwhale Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-05-07 | CVE-2025-47623 | Cross-site Scripting vulnerability in Wpplugin Easy Paypal & Stripe BUY NOW Button Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. | 4.8 |
| 2025-05-07 | CVE-2025-47624 | Cross-Site Request Forgery (CSRF) vulnerability in Apasionados Dofollow Case BY Case Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. | 8.8 |
| 2025-05-07 | CVE-2025-47625 | Cross-site Scripting vulnerability in Apasionados Dofollow Case BY Case Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. | 4.8 |
| 2025-05-07 | CVE-2025-47626 | Cross-site Scripting vulnerability in Apasionados Submission DOM Tracking for Contact Form 7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. | 4.8 |
| 2025-05-07 | CVE-2025-47628 | Missing Authorization vulnerability in Quomodosoft QS Dark Mode Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-05-07 | CVE-2025-47629 | Deserialization of Untrusted Data vulnerability in Wp-Crm System Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. | 7.2 |
| 2025-05-07 | CVE-2025-47630 | Cross-site Scripting vulnerability in Connekthq Ajax Load More Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. | 5.4 |
| 2025-05-07 | CVE-2025-47632 | Cross-site Scripting vulnerability in Raihancse Awesome Gallery 1.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. | 5.4 |