Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48149 | 2025-08-20 | N/A | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal allows PHP Local File Inclusion. This issue affects Cook&Meal: from n/a through 1.2.3. | |||||
| CVE-2025-53567 | 2025-08-20 | N/A | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit allows PHP Local File Inclusion. This issue affects Ghost Kit: from n/a through 3.4.1. | |||||
| CVE-2025-49889 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6. | |||||
| CVE-2025-54040 | 2025-08-20 | N/A | N/A | ||
| Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20. | |||||
| CVE-2025-49438 | 2025-08-20 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3. | |||||
| CVE-2025-53563 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider: from n/a through 3.8. | |||||
| CVE-2025-49391 | 2025-08-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3. | |||||
| CVE-2025-49894 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rewish WP Emmet allows Stored XSS. This issue affects WP Emmet: from n/a through 0.3.4. | |||||
| CVE-2025-53198 | 2025-08-20 | N/A | N/A | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4. | |||||
| CVE-2025-49399 | 2025-08-20 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3. | |||||
| CVE-2025-53196 | 2025-08-20 | N/A | N/A | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0. | |||||
| CVE-2025-48163 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support allows Reflected XSS. This issue affects SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support: from n/a through 3.5.4. | |||||
| CVE-2025-54726 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a. | |||||
| CVE-2025-48142 | 2025-08-20 | N/A | N/A | ||
| Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9. | |||||
| CVE-2025-48154 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1. | |||||
| CVE-2025-54677 | 2025-08-20 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. | |||||
| CVE-2025-49436 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8. | |||||
| CVE-2025-49397 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox allows Stored XSS. This issue affects Colorbox Lightbox: from n/a through 1.1.5. | |||||
| CVE-2025-54055 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2. | |||||
| CVE-2025-54670 | 2025-08-20 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2. | |||||