CVE-2025-39588 |
Description: Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39587 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.
CVSS: CRITICAL (9.3)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39586 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8.
CVSS: HIGH (8.5)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39583 |
Description: Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.
CVSS: HIGH (7.1)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39580 |
Description: Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.
CVSS: MEDIUM (5.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39569 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1.
CVSS: HIGH (8.5)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39568 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. StoreContrl Woocommerce allows Path Traversal. This issue affects StoreContrl Woocommerce: from n/a through 4.1.3.
CVSS: HIGH (7.5)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39567 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free allows Reflected XSS. This issue affects Web Directory Free: from n/a through 1.7.8.
CVSS: HIGH (7.1)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39562 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.
CVSS: MEDIUM (5.9)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39559 |
Description: Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.
CVSS: MEDIUM (6.5)
April 17th, 2025 (about 3 hours ago)
|