Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-05-03 CVE-2025-4237 A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical.
network
low complexity
CWE-120
7.3
7.3
2025-05-03 CVE-2025-4236 A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical.
network
low complexity
CWE-120
7.3
7.3
2025-05-03 CVE-2025-3815 The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-03 CVE-2024-13738 The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65.
network
low complexity
CWE-94
7.3
7.3
2025-05-03 CVE-2025-3779 The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘widgetId’ parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-05-03 CVE-2025-3918 The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1.
network
low complexity
CWE-285
critical
 9.8
9.8
2025-05-03 CVE-2025-4168 The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-80
6.4
6.4
2025-05-03 CVE-2025-4170 The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-03 CVE-2025-4172 The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-05-03 CVE-2025-4188 The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.
network
low complexity
CWE-352
6.1
6.1