| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager wp-job-manager-colors allows Stored XSS.This issue affects Job Colors for WP Job Manager: from n/a through <= 1.0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway pagopar-woocommerce-gateway allows Stored XSS.This issue affects Pagopar – WooCommerce Gateway: from n/a through <= 2.7.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery.This issue affects Buddypress Humanity: from n/a through <= 1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor wp-editormd allows Stored XSS.This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through <= 10.2.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through <= 2.4.5. |
| Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking.This issue affects Category Icon: from n/a through <= 1.0.3. |
| Missing Authorization vulnerability in rtakao Sandwich Adsense firsth3tagadsense allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sandwich Adsense: from n/a through <= 4.0.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows DOM-Based XSS.This issue affects JetSearch: from n/a through <= 3.5.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site Request Forgery.This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through <= 1.0. |
| A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers.This issue affects E-Commerce Web Design Product: before 11.08.2025. |
| Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: from n/a through <= 2.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS.This issue affects Revolution Video Player: from n/a through <= 2.9.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through <= 2.2.6. |
| In the Linux kernel, the following vulnerability has been resolved:
i40e: add max boundary check for VF filters
There is no check for max filters that VF can request. Add it. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through <= 2.1.0. |
