2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32665 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32665

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator office-locator allows SQL Injection.This issue affects Office Locator: from n/a through <= 1.3.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-32662 — Deserialization: of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32662

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32660 — Joomsky Js_job_manager: Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32660

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDJoomskyTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32658 — Deserialization: of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32658

Deserialization of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection.This issue affects HelpGent: from n/a through <= 2.2.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32652 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra solace-extra allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32652

Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra solace-extra allows Using Malicious Files.This issue affects Solace Extra: from n/a through <= 1.3.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32648 — Incorrect: Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation.This issue affects Projectopia

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32648

Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation.This issue affects Projectopia: from n/a through <= 5.1.24. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-32647 — Deserialization: of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32647

Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32636 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32636

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic local-magic allows SQL Injection.This issue affects Local Magic: from n/a through <= 2.9.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32626 — Joomsky Js_job_manager: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32626

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDJoomskyTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-32593 — Authorization: Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32593

Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Product Frontend for WooCommerce: from n/a through <= 1.0.8. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32583 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32583

Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-32573 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32573

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync kiotvietsync allows SQL Injection.This issue affects KiotViet Sync: from n/a through <= 1.8.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-32572 — Deserialization: of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32572

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-32571 — Deserialization: of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32571

Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-31380 — Weak: Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31380

Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.11. CVSSv3.1 9.8 (CRITICAL)

CWECWE 640VNDWeakTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-27302 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27302

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE chatlive allows SQL Injection.This issue affects CHATLIVE: from n/a through <= 2.0.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-27287 — Deserialization: of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27287

Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through <= 2.0.5. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-27286 — Deserialization: of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27286

Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue affects Saoshyant Slider: from n/a through <= 3.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-27282 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-27282

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a through <= 1.3. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-17
2025-04-17 16:15Z
CRIT

CVE-2025-22655 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22655

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This issue affects CWD – Stealth Links: from n/a through <= 1.3. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-17
2025-04-17 16:15Z
HIGH

CVE-2025-22636 — Neutralization: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22636

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through <= 4.0.1. CVSSv3.1 8.2 (HIGH)

CWECWE 79TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-04-16
2025-04-16 15:15Z
HIGH

CVE-2025-22040 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22040

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This patch check reference count of session before freeing it. CVSSv3.1 8.8 (HIGH)

CWECWE 416TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-16
2025-04-16 13:15Z
CRIT

CVE-2025-39601 — Site: Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39601

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-04-16
2025-04-16 13:15Z
HIGH

CVE-2025-39570 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39570

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through <= 1.7.7. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-16
2025-04-16 13:15Z
CRIT

CVE-2025-39557 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-39557

Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score