Total
304045 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30949 | 2025-07-16 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through 1.0.4. | |||||
| CVE-2025-49884 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8. | |||||
| CVE-2025-53757 | 2025-07-16 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device. | |||||
| CVE-2025-49319 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3. | |||||
| CVE-2025-54041 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7. | |||||
| CVE-2025-52803 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | |||||
| CVE-2025-30936 | 2025-07-16 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9. | |||||
| CVE-2025-48166 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48. | |||||
| CVE-2025-31070 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Path Traversal. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5. | |||||
| CVE-2025-47554 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Reflected XSS. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.6. | |||||
| CVE-2025-54024 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.5. | |||||
| CVE-2025-52777 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | |||||
| CVE-2025-53984 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows Stored XSS. This issue affects JetTabs: from n/a through 2.2.9. | |||||
| CVE-2025-52819 | 2025-07-16 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2. | |||||
| CVE-2025-54022 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0. | |||||
| CVE-2025-54030 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20. | |||||
| CVE-2025-46500 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Reflected XSS. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0. | |||||
| CVE-2025-54036 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20. | |||||
| CVE-2025-3871 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP. | |||||
| CVE-2025-54039 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16. | |||||