| 2025-04-12 | CVE-2025-32726 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | 6.8 |
| 2025-04-12 | CVE-2025-2269 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-04-11 | CVE-2024-11679 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | 4.4 |
| 2025-04-11 | CVE-2025-3421 | Cross-site Scripting vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2025-04-11 | CVE-2025-3422 | Code Injection vulnerability in Wpeverest Everest Forms
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. | 6.3 |
| 2025-04-11 | CVE-2025-3439 | Deserialization of Untrusted Data vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. | 9.8 |
| 2025-04-11 | CVE-2025-2541 | The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-04-11 | CVE-2025-2575 | The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | 6.4 |
| 2025-04-11 | CVE-2025-2128 | The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2025-04-11 | CVE-2025-3434 | The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. | 7.2 |