CVE Schwachstellen

CVE-Datenbank angereichert mit CISA KEV und NVD Daten

Gesamt: 328,838 CVEs

CVE ID	CVSS	Schweregrad	KEV	Veroffentlicht
CVE-2025-49885 Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Se...	N/A	NONE	—	6/27/2025
CVE-2025-49886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This issue...	N/A	NONE	—	6/27/2025
CVE-2025-50052 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Counter flexo-countdown allows Reflected XSS.This issue affects Flexo Counter: f...	N/A	NONE	—	6/27/2025
CVE-2025-52811 Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog an...	N/A	NONE	—	6/27/2025
CVE-2025-52717 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection.This issue affects LifterLMS: from n/a throu...	9.8	CRITICAL	—	6/27/2025
CVE-2025-52722 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection.This issue affects Classiera: from n/a through <...	N/A	NONE	—	6/27/2025
CVE-2025-52723 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue aff...	N/A	NONE	—	6/27/2025
CVE-2025-52724 Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0.	N/A	NONE	—	6/27/2025
CVE-2025-52725 Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects CouponXxL: from n/a through <= 3.0.0.	N/A	NONE	—	6/27/2025
CVE-2025-52726 Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.	N/A	NONE	—	6/27/2025
CVE-2025-52727 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Vertical Web Pricing Tables css3_vertical_web_pricing_tables allows Reflected XS...	N/A	NONE	—	6/27/2025
CVE-2025-52729 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from...	N/A	NONE	—	6/27/2025
CVE-2025-52774 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: ...	N/A	NONE	—	6/27/2025
CVE-2025-52778 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xil...	N/A	NONE	—	6/27/2025
CVE-2025-52799 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through <= 9.2.	N/A	NONE	—	6/27/2025
CVE-2025-52808 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite realtyelite allows PHP Local File Inclusion.This issue aff...	N/A	NONE	—	6/27/2025
CVE-2025-52809 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts al...	N/A	NONE	—	6/27/2025
CVE-2025-52816 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita zita allows PHP Local File Inclusion.This issue affects Zita: fr...	9.8	CRITICAL	—	6/27/2025
CVE-2025-52817 Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 abandoned-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned...	N/A	NONE	—	6/27/2025
CVE-2025-52818 Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing trusty-whistleblowing-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trus...	N/A	NONE	—	6/27/2025
CVE-2025-52824 Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a t...	N/A	NONE	—	6/27/2025
CVE-2025-52827 Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through <= 1.3.3.	N/A	NONE	—	6/27/2025
CVE-2025-52829 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Ema...	N/A	NONE	—	6/27/2025
CVE-2025-52834 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection.This issue affects Homey: from n/a through <= 2.4.7.	N/A	NONE	—	6/27/2025
CVE-2025-53193 Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics burst-statistics allows Cross Site Request Forgery.This issue affects Burst Statistics: from n/a through <= 2....	N/A	NONE	—	6/27/2025
CVE-2025-53197 Cross-Site Request Forgery (CSRF) vulnerability in cookiebot Cookiebot cookiebot allows Cross Site Request Forgery.This issue affects Cookiebot: from n/a through <= 4.5.8.	N/A	NONE	—	6/27/2025
CVE-2025-53199 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Slider For Elementor ht-slider-for-elementor allows DOM-Based XSS.This issue affects...	N/A	NONE	—	6/27/2025
CVE-2025-53200 Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 6.7.3.	N/A	NONE	—	6/27/2025
CVE-2025-53202 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows DOM-Based XSS.This issue affec...	N/A	NONE	—	6/27/2025
CVE-2025-53203 Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Cross Site Request Forgery.This issue affects WooCommerce PDF Invoice Build...	N/A	NONE	—	6/27/2025
CVE-2025-53206 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored ...	N/A	NONE	—	6/27/2025
CVE-2025-53211 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Retrieve Embedded Sensitive Data.T...	N/A	NONE	—	6/27/2025
CVE-2025-53253 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit wp-edit allows Stored XSS.This issue affects WP Edit: from n/a through <= 4.0.4.	N/A	NONE	—	6/27/2025
CVE-2025-53254 Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.	N/A	NONE	—	6/27/2025
CVE-2025-53255 Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2....	N/A	NONE	—	6/27/2025
CVE-2025-53256 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP yaysmtp allows SQL Injection.This issue affects YaySMTP: from n/a through <= 2...	N/A	NONE	—	6/27/2025
CVE-2025-53257 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows PHP Local File Inclusion....	N/A	NONE	—	6/27/2025
CVE-2025-53258 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: fro...	N/A	NONE	—	6/27/2025
CVE-2025-53259 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue aff...	N/A	NONE	—	6/27/2025
CVE-2025-53260 Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This iss...	N/A	NONE	—	6/27/2025
CVE-2025-53261 Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live wp-youtube-live allows Cross Site Request Forgery.This issue affects WP YouTube Live: from n/a through <= 1.10.0.	N/A	NONE	—	6/27/2025
CVE-2025-53262 Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic writesonic allows Cross Site Request Forgery.This issue affects Writesonic: from n/a through <= 1.0.5.	N/A	NONE	—	6/27/2025
CVE-2025-53263 Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Add...	N/A	NONE	—	6/27/2025
CVE-2025-53271 Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Fi...	N/A	NONE	—	6/27/2025
CVE-2025-53272 Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup image-cleanup allows Cross Site Request Forgery.This issue affects Image Cleanup: from n/a through <= 1.9.2.	N/A	NONE	—	6/27/2025
CVE-2025-53273 Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream slick-engagement allows Cross Site Request Forgery.This issue affects Slickstream: from n/a through <= 2.0.3.	N/A	NONE	—	6/27/2025
CVE-2025-53274 Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6...	N/A	NONE	—	6/27/2025
CVE-2025-53275 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka leyka allows DOM-Based XSS.This issue affects Leyka: from n/a through <= 3.32.1...	N/A	NONE	—	6/27/2025
CVE-2025-53276 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows DOM-Based XSS.This issue affects Omnipress: from n/a thro...	N/A	NONE	—	6/27/2025
CVE-2025-46484 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer ...	N/A	NONE	—	4/24/2025

Seite 15 von 6577

Zuruck Weiter

This product uses data from the NVD API but is not endorsed or certified by the NVD.