U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-46226 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.
    Published: April 22, 2025; 6:15:15 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-46227 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.
    Published: April 22, 2025; 6:15:15 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-13326 - The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    Published: February 04, 2025; 1:15:29 AM -0500

  • CVE-2024-13098 - The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: February 01, 2025; 1:15:31 AM -0500

  • CVE-2024-13094 - The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2024-12774 - The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack
    Published: January 27, 2025; 1:15:22 AM -0500

  • CVE-2025-1453 - The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... read CVE-2025-1453
    Published: April 24, 2025; 2:15:43 AM -0400

  • CVE-2024-13057 - The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2024-13056 - The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2024-13055 - The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2025-23044 - PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the a... read CVE-2025-23044
    Published: January 20, 2025; 11:15:28 AM -0500

    V3.1: 8.1 HIGH

  • CVE-2024-12773 - The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
    Published: January 27, 2025; 1:15:22 AM -0500

  • CVE-2025-3971 - A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql... read CVE-2025-3971
    Published: April 27, 2025; 10:15:15 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-3972 - A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument to... read CVE-2025-3972
    Published: April 27, 2025; 10:15:16 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-3973 - A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. ... read CVE-2025-3973
    Published: April 27, 2025; 11:15:15 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-3974 - A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads t... read CVE-2025-3974
    Published: April 27, 2025; 11:15:15 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-13325 - The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    Published: February 04, 2025; 1:15:29 AM -0500

  • CVE-2024-13115 - The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads v... read CVE-2024-13115
    Published: February 04, 2025; 1:15:28 AM -0500

  • CVE-2024-13114 - The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege ... read CVE-2024-13114
    Published: February 04, 2025; 1:15:27 AM -0500

  • CVE-2025-3976 - A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /new-user-testing.php. The manipulation of the argument mobilenumber leads to sql inject... read CVE-2025-3976
    Published: April 27, 2025; 12:15:15 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022 , Updated August 27, 2024