Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-16 | CVE-2025-3104 | The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest() function. | network, low complexity, CWE-200, 5.3 |
| 2025-04-16 | CVE-2025-3677 | A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. | local, low complexity, CWE-502, 5.3 |
| 2025-04-16 | CVE-2025-3678 | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. | network, low complexity, CWE-120, 7.3 |
| 2025-04-16 | CVE-2025-0101 | A low privileged user can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. | network, low complexity, CWE-190, 6.5 |
| 2025-04-16 | CVE-2025-3077 | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | network, low complexity, CWE-79, 6.4 |
| 2025-04-16 | CVE-2025-3676 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0. A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. | network, low complexity, xxyopen, CWE-89, critical, 9.8 |
| 2025-04-16 | CVE-2025-3675 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. | network, low complexity, CWE-266, 5.3 |
| 2025-04-16 | CVE-2025-3247 | The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. | network, low complexity, CWE-354, 5.3 |
| 2025-04-16 | CVE-2025-3667 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. | network, low complexity, CWE-266, 5.3 |
| 2025-04-16 | CVE-2025-3668 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. | network, low complexity, CWE-266, 5.3 |