CVE-2025-39558 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.7.
CVSS: HIGH (7.1)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39554 |
Description: Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
CVSS: MEDIUM (6.5)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39551 |
Description: Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39550 |
Description: Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.
CVSS: CRITICAL (9.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39542 |
Description: Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0.
CVSS: HIGH (8.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39535 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
CVSS: HIGH (7.2)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39533 |
Description: Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through 3.1.14.
CVSS: HIGH (8.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39532 |
Description: Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1.
CVSS: HIGH (7.5)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39527 |
Description: Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7.
CVSS: HIGH (8.8)
April 17th, 2025 (about 3 hours ago)
|
CVE-2025-39526 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.
CVSS: HIGH (8.1)
April 17th, 2025 (about 3 hours ago)
|