| 2025-02-19 | CVE-2025-1024 | Cross-site Scripting vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. | 4.8 |
| 2025-02-19 | CVE-2025-1132 | SQL Injection vulnerability in Churchcrm
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. | 8.8 |
| 2025-02-19 | CVE-2025-1133 | SQL Injection vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1134 | SQL Injection vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1135 | SQL Injection vulnerability in Churchcrm
A vulnerability exists in ChurchCRM 5.13.0. | 7.2 |
| 2025-02-19 | CVE-2024-11335 | The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-11753 | The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-11778 | The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-02-19 | CVE-2024-12069 | The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. | 6.1 |
| 2025-02-19 | CVE-2024-12339 | The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. | 6.1 |