Threat and Vulnerability Intelligence Database

CVE-2025-5759

Description: A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-5758

Description: A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-5239

Description: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49077

Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery. This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49076

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49075

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS. This issue affects Wishlist: from n/a through 1.0.43.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49074

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49068

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS. This issue affects Ocean Extra: from n/a through 2.4.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-49067

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS. This issue affects Nasa Core: from n/a before 6.4.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)

CVE-2025-48337

Description: Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (1 day ago)