Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-01 | CVE-2025-3503 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-3504 | Cross-site Scripting vulnerability in Weplugins WP Maps The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2025-05-01 | CVE-2025-4151 | Injection vulnerability in PHPgurukul Curfew E-Pass Management System 1.0 A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. | 9.8 |
| 2025-05-01 | CVE-2025-4152 | Injection vulnerability in PHPgurukul Online Birth Certificate System 1.0 A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. | 9.8 |
| 2025-05-01 | CVE-2024-13845 | Server-Side Request Forgery (SSRF) vulnerability in Rocketgenius Gravity Forms Webhooks The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 5.5 |
| 2025-05-01 | CVE-2025-3952 | Missing Authorization vulnerability in Projectopia The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. | 8.1 |
| 2025-05-01 | CVE-2025-4099 | Cross-site Scripting vulnerability in Sizeable List Children The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-05-01 | CVE-2025-4150 | Classic Buffer Overflow vulnerability in Netgear Ex6200 Firmware 1.0.3.94 A vulnerability was found in Netgear EX6200 1.0.3.94. | 9.8 |
| 2025-05-01 | CVE-2025-1304 | Missing Authorization vulnerability in Spicethemes Newsblogger The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. | 8.8 |
| 2025-05-01 | CVE-2025-1305 | Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newsblogger The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. | 8.8 |