CVE-2025-24756 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS. This issue affects Roi Calculator: from n/a through 1.0. (Last Update:2025-01-24 18:15:49) (Publish Update:2025-01-24 17:25:19)
CVE-2025-24755 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template Builder allows Stored XSS. This issue affects PDF Invoices for WooCommerce + Drag and Drop Template Builder: from n/a through 4.6.0. (Last Update:2025-01-24 18:15:49) (Publish Update:2025-01-24 17:25:22)
CVE-2025-24753 CVSS:4.3
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1. (Last Update:2025-01-24 18:15:49) (Publish Update:2025-01-24 17:25:22)
CVE-2025-24751 CVSS:4.3
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13. (Last Update:2025-01-24 18:15:49) (Publish Update:2025-01-24 17:25:21)
CVE-2025-24750 CVSS:5.4
Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0. (Last Update:2025-01-24 18:15:49) (Publish Update:2025-01-24 17:25:20)
CVE-2025-24746 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2. (Last Update:2025-01-24 18:15:48) (Publish Update:2025-01-24 17:25:23)
CVE-2025-24739 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80. (Last Update:2025-01-24 18:15:48) (Publish Update:2025-01-24 17:25:10)
CVE-2025-24738 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13. (Last Update:2025-01-24 18:15:48) (Publish Update:2025-01-24 17:25:15)
CVE-2025-24736 CVSS:4.3
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35. (Last Update:2025-01-24 18:15:48) (Publish Update:2025-01-24 17:25:24)
CVE-2025-24733 CVSS:6.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12. (Last Update:2025-01-24 18:15:48) (Publish Update:2025-01-24 17:25:17)
This vulnerability list widget is provided by www.cvedetails.com. CVEdetails.com is updated! Visit www.cvedetails.com to see what's new in the new version!