Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-01 CVE-2025-1267 The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the ‘label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.5
5.5
2025-04-01 CVE-2025-1512 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-01 CVE-2024-13567 The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory.
network
low complexity
CWE-200
7.5
7.5
2025-04-01 CVE-2025-1665 The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-04-01 CVE-2025-31084 Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart allows Object Injection.
network
low complexity
CWE-502
critical
 9.8
9.8
2025-04-01 CVE-2025-2007 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19.
network
low complexity
CWE-23
8.1
8.1
2025-04-01 CVE-2025-2008 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19.
network
low complexity
CWE-434
8.8
8.8
2025-04-01 CVE-2025-21384 An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
network
low complexity
CWE-693
8.3
8.3
2025-04-01 CVE-2025-3042 A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0.
network
low complexity
CWE-434
6.3
6.3
2025-04-01 CVE-2025-3043 A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0.
network
low complexity
CWE-22
5.3
5.3