Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-01 | CVE-2025-4100 | The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'np_marinetraffic_map' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2025-05-01 | CVE-2025-4153 | Injection vulnerability in PHPgurukul Park Ticketing Management System 2.0 A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. | 9.8 |
| 2025-05-01 | CVE-2025-4154 | Injection vulnerability in PHPgurukul Pre-School Enrollment System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. | 8.8 |
| 2025-05-01 | CVE-2024-13381 | Cross-site Scripting vulnerability in Codepeople Calculated Fields Form The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3502 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3503 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3504 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-4151 | Injection vulnerability in PHPgurukul Curfew E-Pass Management System 1.0 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. | 9.8 |
| 2025-05-01 | CVE-2025-4152 | Injection vulnerability in PHPgurukul Online Birth Certificate System 1.0 A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. | 9.8 |
| 2025-05-01 | CVE-2024-13845 | Server-Side Request Forgery (SSRF) vulnerability in Rocketgenius Gravity Forms Webhooks The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 5.5 |