Medium - CVE-2024-13758 - The CP Contact Form with PayPal plugin for...
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation...
NA - CVE-2025-0834 - Privilege escalation vulnerability has been...
Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary...
Medium - CVE-2025-0860 - The VR-Frases (collect & share quotes) plugin...
The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient...
Medium - CVE-2025-0861 - The VR-Frases (collect & share quotes) plugin...
The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the...
NA - CVE-2025-21107 - Dell NetWorker, version(s) prior to 19.11.0.3,...
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could...
NA - CVE-2025-23007 - A vulnerability in the NetExtender Windows...
A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.
NA - CVE-2024-12409 - The Simple:Press Forum plugin for WordPress is...
The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input...
Medium - CVE-2024-12524 - The Clinked Client Portal plugin for WordPress...
The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including,...
NA - CVE-2024-13453 - The The Contact Form & SMTP Plugin for...
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the...
NA - CVE-2024-13706 - The WP Image Uploader plugin for WordPress is...
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input...