Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-12 | CVE-2025-32726 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | local; low complexity; CWE-284; 6.8 |
| 2025-04-12 | CVE-2025-2269 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.1 |
| 2025-04-11 | CVE-2024-11679 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | local; low complexity; 4.4 |
| 2025-04-11 | CVE-2025-3421 | Cross-site Scripting vulnerability in Wpeverest Everest Forms. The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. | network; low complexity; wpeverest CWE-79; 6.1 |
| 2025-04-11 | CVE-2025-3422 | Code Injection vulnerability in Wpeverest Everest Forms. The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. | network; low complexity; wpeverest CWE-94; 6.3 |
| 2025-04-11 | CVE-2025-3439 | Deserialization of Untrusted Data vulnerability in Wpeverest Everest Forms. The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. | network; low complexity; wpeverest CWE-502; critical; 9.8 |
| 2025-04-11 | CVE-2025-2541 | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.4 |
| 2025-04-11 | CVE-2025-2575 | The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 6.4 |
| 2025-04-11 | CVE-2025-2128 | The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network; low complexity; CWE-89; 6.5 |
| 2025-04-11 | CVE-2025-3434 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | network; low complexity; CWE-79; 7.2 |