Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-03-26 CVE-2025-1784 The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-26 CVE-2025-1490 The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-03-26 CVE-2025-2165 The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-03-26 CVE-2025-2573 The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-26 CVE-2025-2576 The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-03-26 CVE-2024-47516 A vulnerability was found in Pagure.
network
low complexity
CWE-88
critical
 9.8
9.8
2025-03-26 CVE-2025-2276 The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7.
network
low complexity
CWE-862
4.3
4.3
2025-03-26 CVE-2025-2302 The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-03-25 CVE-2024-31896 IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
high complexity
CWE-327
5.9
5.9
2025-03-25 CVE-2025-2109 The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function.
network
low complexity
CWE-918
5.8
5.8