Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-04-25 | CVE-2025-3912 | The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. | network / low complexity / CWE-862 / 5.3 |
| 2025-04-25 | CVE-2025-1565 | The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. | network / low complexity / CWE-22 / 7.5 |
| 2025-04-25 | CVE-2025-1279 | The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. | network / low complexity / CWE-862 / 8.8 |
| 2025-04-25 | CVE-2025-3870 | The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. | network / low complexity / CWE-79 / 6.1 |
| 2025-04-25 | CVE-2025-2238 | The Vikinger theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.30. | network / low complexity / CWE-269 / 8.8 |
| 2025-04-25 | CVE-2025-3743 | The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. | network / low complexity / CWE-472 / 5.3 |
| 2025-04-25 | CVE-2025-3866 | The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. | network / low complexity / CWE-79 / 6.1 |
| 2025-04-25 | CVE-2025-3867 | The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. | network / low complexity / CWE-79 / 6.1 |
| 2025-04-25 | CVE-2025-3868 | The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menuObject' parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. | network / low complexity / CWE-79 / 6.1 |
| 2025-04-25 | CVE-2025-2580 | The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. | network / high complexity / CWE-79 / 4.9 |