Total
276617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25793 | 1 Link Juice Keeper Project | 1 Link Juice Keeper | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | ||||
| CVE-2023-25461 | 1 Smartlogix | 1 Wp-insert | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | ||||
| CVE-2025-0335 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. | ||||
| CVE-2023-23995 | 1 Tinymce Custom Styles Project | 1 Tinymce Custom Styles | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | ||||
| CVE-2023-23889 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | ||||
| CVE-2023-23866 | 1 Interactive Geo Maps Project | 1 Interactive Geo Maps | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions. | ||||
| CVE-2023-24005 | 1 Winwar | 1 Inline Tweet Sharer | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | ||||
| CVE-2023-23723 | 1 Winwar | 1 Wp Email Capture | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | ||||
| CVE-2023-22691 | 1 Tipsandtricks-hq | 1 Category Specific Rss Feed Subscription | 2025-01-09 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | ||||
| CVE-2024-6324 | 1 Gitlab | 1 Gitlab | 2025-01-09 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. | ||||
| CVE-2023-23790 | 1 Podsfoundation | 1 Pods | 2025-01-09 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. | ||||
| CVE-2023-25784 | 1 Sticky Ad Bar Project | 1 Sticky Ad Bar | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. | ||||
| CVE-2025-0336 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-25787 | 1 Wp Resource Download Management Project | 1 Wp Resource Download Management | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions. | ||||
| CVE-2023-25783 | 1 Firecask Like \& Share Button Project | 1 Firecask Like \& Share Button | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | ||||
| CVE-2023-25786 | 1 Eyes Only User Access Shortcode Project | 1 Eyes Only User Access Shortcode | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. | ||||
| CVE-2023-25798 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions. | ||||
| CVE-2023-23820 | 1 Properfraction | 1 Profilepress | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | ||||
| CVE-2021-47039 | 1 Linux | 1 Linux Kernel | 2025-01-09 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds check to the start. | ||||
| CVE-2023-23874 | 1 Metaphorcreations | 1 Ditty | 2025-01-09 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | ||||