VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-04-25
CVE-2025-3912
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35.
network
low complexity
CWE-862
5.3
5.3
2025-04-25
CVE-2025-1565
The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file.
network
low complexity
CWE-22
7.5
7.5
2025-04-25
CVE-2025-1279
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1.
network
low complexity
CWE-862
8.8
8.8
2025-04-25
CVE-2025-3870
The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012.
network
low complexity
CWE-79
6.1
6.1
2025-04-25
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30.
network
low complexity
CWE-269
8.8
8.8
2025-04-25
CVE-2025-3743
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0.
network
low complexity
CWE-472
5.3
5.3
2025-04-25
CVE-2025-3866
The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0.
network
low complexity
CWE-79
6.1
6.1
2025-04-25
CVE-2025-3867
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.
network
low complexity
CWE-79
6.1
6.1
2025-04-25
CVE-2025-3868
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menuObject' parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-04-25
CVE-2025-2580
The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping.
network
high complexity
CWE-79
4.9
4.9
«
Previous
1
2
3
(current)
4
5
...
16890
16891
»
Next