Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-05 CVE-2025-1233 The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0.
network
low complexity
CWE-862
4.3
4.3
2025-04-05 CVE-2025-2789 The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19.
network
low complexity
CWE-862
5.3
5.3
2025-04-05 CVE-2024-13604 The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory.
network
low complexity
CWE-200
7.5
7.5
2025-04-05 CVE-2025-0810 The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.5.
network
high complexity
CWE-352
7.5
7.5
2025-04-05 CVE-2025-2544 The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-05 CVE-2025-2933 The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6.
network
low complexity
CWE-862
8.8
8.8
2025-04-05 CVE-2025-1500 IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.
network
low complexity
CWE-434
5.5
5.5
2025-04-05 CVE-2025-2889 The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-04 CVE-2025-3265 Injection vulnerability in PHPgurukul E-Diary Management System 1.0
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0.
network
low complexity
phpgurukul CWE-74
critical
 9.8
9.8
2025-04-04 CVE-2025-3266 Stack-based Buffer Overflow vulnerability in Qinguoyi Tinywebserver 1.0
A vulnerability, which was classified as critical, has been found in qinguoyi TinyWebServer up to 1.0.
network
low complexity
qinguoyi CWE-121
critical
 9.8
9.8