Total
307402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53564 | 2025-08-20 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Reflected XSS. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5. | ||||
| CVE-2025-49896 | 2025-08-20 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord Post Plus – Supports Unlimited Channels allows Cross Site Request Forgery. This issue affects WP Discord Post Plus – Supports Unlimited Channels: from n/a through 1.0.2. | ||||
| CVE-2025-24364 | 1 Dani-garcia | 1 Vaultwarden | 2025-08-20 | 7.2 High |
| vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email. This vulnerability is fixed in 1.33.0. | ||||
| CVE-2025-24365 | 1 Dani-garcia | 1 Vaultwarden | 2025-08-20 | 8.1 High |
| vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0. | ||||
| CVE-2020-1481 | 1 Microsoft | 1 Eslint | 2025-08-20 | 8.8 High |
| A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | ||||
| CVE-2021-27081 | 1 Microsoft | 2 Eslint, Visual Studio Code Eslint Extension | 2025-08-20 | 7.8 High |
| Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | ||||
| CVE-2014-1907 | 2 Videowhisper, Wordpress | 3 Live Streaming Integration Plugin, Videowhisper Live Streaming Integration, Wordpress | 2025-08-20 | N/A |
| Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php. | ||||
| CVE-2022-3897 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 5.5 Medium |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2013-5714 | 2 Videowhisper, Wordpress | 3 Live Streaming Integration Plugin, Videowhisper Live Streaming Integration, Wordpress | 2025-08-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-1906 | 1 Videowhisper | 2 Live Streaming Integration Plugin, Videowhisper Live Streaming Integration | 2025-08-20 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/. | ||||
| CVE-2022-3898 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 8.8 High |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-3896 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-08-20 | 6.1 Medium |
| The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers. | ||||
| CVE-2025-0145 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-08-20 | 4.6 Medium |
| Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-0144 | 1 Zoom | 7 Meeting Software Development Kit, Rooms, Rooms Controller and 4 more | 2025-08-20 | 3.1 Low |
| Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access. | ||||
| CVE-2024-7122 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | 6.4 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2092 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | 5.4 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-4401 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-08-20 | 6.4 Medium |
| The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-6226 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | 6.1 Medium |
| The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5765 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | 9.8 Critical |
| The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2024-9282 | 2 1234n, Bg5sbk | 2 Minicms, Minicms | 2025-08-20 | 4.3 Medium |
| A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | ||||