Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2024-5878

Published : May 20, 2025, 8:15 a.m. | 20 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled SimpleLightbox JavaScript library (version 2.1.5) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4322

Published : May 20, 2025, 6:15 a.m. | 1 hour, 46 minutes ago

Description : The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2929

Published : May 20, 2025, 6:15 a.m. | 1 hour, 46 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3078

Published : May 20, 2025, 12:15 a.m. | 19 minutes ago

Description : A passback vulnerability which relates to production printers and office multifunction printers.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4971

Published : May 20, 2025, 12:15 a.m. | 19 minutes ago

Description : Broadcom Automic
Automation Agent Unix versions
Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3079

Published : May 20, 2025, 12:15 a.m. | 19 minutes ago

Description : A passback vulnerability which relates to office/small office multifunction printers and laser printers.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32924

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32925

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through 30.7.0.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32926

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32927

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Chimpstudio FoodBakery allows Object Injection.This issue affects FoodBakery: from n/a through 3.3.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-32928

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39348

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39349

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39354

Published : May 19, 2025, 8:15 p.m. | 2 hours, 33 minutes ago

Description : Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39356

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through 3.2.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39350

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39357

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39365

Published : May 19, 2025, 8:15 p.m. | 2 hours, 33 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rocket Apps wProject allows Reflected XSS.This issue affects wProject: from n/a before 5.8.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39352

Published : May 19, 2025, 8:15 p.m. | 2 hours, 33 minutes ago

Description : Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-39355

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in roninwp FAT Services Booking allows SQL Injection.This issue affects FAT Services Booking: from n/a through 5.6.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…