The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2025-46226 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0.
Published: April 22, 2025; 6:15:15 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2025-46227 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brecht Custom Related Posts allows Stored XSS. This issue affects Custom Related Posts: from n/a through 1.7.4.
Published: April 22, 2025; 6:15:15 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-13326 - The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: February 04, 2025; 1:15:29 AM -0500 -
CVE-2024-13098 - The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: February 01, 2025; 1:15:31 AM -0500 -
CVE-2024-13094 - The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: January 27, 2025; 1:15:23 AM -0500 -
CVE-2024-12774 - The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack
Published: January 27, 2025; 1:15:22 AM -0500 -
CVE-2025-1453 - The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... read CVE-2025-1453
Published: April 24, 2025; 2:15:43 AM -0400 -
CVE-2024-13057 - The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Published: January 27, 2025; 1:15:23 AM -0500 -
CVE-2024-13056 - The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: January 27, 2025; 1:15:23 AM -0500 -
CVE-2024-13055 - The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: January 27, 2025; 1:15:23 AM -0500 -
CVE-2025-23044 - PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the a... read CVE-2025-23044
Published: January 20, 2025; 11:15:28 AM -0500V3.1: 8.1 HIGH
-
CVE-2024-12773 - The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
Published: January 27, 2025; 1:15:22 AM -0500 -
CVE-2025-3971 - A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid leads to sql... read CVE-2025-3971
Published: April 27, 2025; 10:15:15 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-3972 - A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument to... read CVE-2025-3972
Published: April 27, 2025; 10:15:16 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-3973 - A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. ... read CVE-2025-3973
Published: April 27, 2025; 11:15:15 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-3974 - A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads t... read CVE-2025-3974
Published: April 27, 2025; 11:15:15 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-13325 - The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: February 04, 2025; 1:15:29 AM -0500 -
CVE-2024-13115 - The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads v... read CVE-2024-13115
Published: February 04, 2025; 1:15:28 AM -0500 -
CVE-2024-13114 - The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege ... read CVE-2024-13114
Published: February 04, 2025; 1:15:27 AM -0500 -
CVE-2025-3976 - A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /new-user-testing.php. The manipulation of the argument mobilenumber leads to sql inject... read CVE-2025-3976
Published: April 27, 2025; 12:15:15 PM -0400V3.1: 9.8 CRITICAL