CVE-2025-31452 - Mindshare Labs, Inc. WP Ultimate Search Cross-site Scripting
CVE ID : CVE-2025-31452
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search allows Stored XSS. This issue affects WP Ultimate Search: from n/a through 2.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31452
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mindshare Labs, Inc. WP Ultimate Search allows Stored XSS. This issue affects WP Ultimate Search: from n/a through 2.0.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31453 - YouTube SimpleGallery Cross-Site Scripting (XSS)
CVE ID : CVE-2025-31453
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31453
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stian Andreassen YouTube SimpleGallery allows Stored XSS. This issue affects YouTube SimpleGallery: from n/a through 2.0.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31456 - BSNDev Ultimate Security Checker CSRF Vulnerability
CVE ID : CVE-2025-31456
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31456
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker allows Cross Site Request Forgery. This issue affects Ultimate Security Checker: from n/a through 4.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31457 - Aurélien LWS LWS SMS CSRF Vulnerability
CVE ID : CVE-2025-31457
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS allows Cross Site Request Forgery. This issue affects LWS SMS: from n/a through 2.4.1.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31457
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS allows Cross Site Request Forgery. This issue affects LWS SMS: from n/a through 2.4.1.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31458 - Forsgren Video Embedder CSRF Stored XSS Vulnerability
CVE ID : CVE-2025-31458
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31458
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31459 - PasqualePuzio Login Alert CSRF Stored XSS
CVE ID : CVE-2025-31459
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31459
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert allows Stored XSS. This issue affects Login Alert: from n/a through 0.2.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31460 - OmniLeads Scripts and Tags Manager CSRF Stored XSS
CVE ID : CVE-2025-31460
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31460
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through 1.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31463 - TGG WP Optimizer Cross-site Scripting (XSS)
CVE ID : CVE-2025-31463
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preetinder Singh TGG WP Optimizer allows Stored XSS. This issue affects TGG WP Optimizer: from n/a through 1.22.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31463
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Preetinder Singh TGG WP Optimizer allows Stored XSS. This issue affects TGG WP Optimizer: from n/a through 1.22.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31464 - Nazmur Rahman Text Selection Color Stored Cross-site Scripting
CVE ID : CVE-2025-31464
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31464
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color allows Stored XSS. This issue affects Text Selection Color: from n/a through 1.6.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31465 - "CornerShop Better Section Navigation Widget Stored XSS"
CVE ID : CVE-2025-31465
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31465
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in cornershop Better Section Navigation Widget allows Stored XSS. This issue affects Better Section Navigation Widget: from n/a through 1.6.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31466 - Falcon Solutions Duplicate Page and Post SQL Injection Vulnerability
CVE ID : CVE-2025-31466
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 1.0.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31466
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 1.0.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31469 - Webrangers Clear Sucuri Cache Missing Authorization Vulnerability
CVE ID : CVE-2025-31469
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31469
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31470 - FancyThemes Page Takeover Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-31470
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31470
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31471 - Falcon Solutions Duplicate Page and Post Stored Cross-site Scripting Vulnerability
CVE ID : CVE-2025-31471
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post allows Stored XSS. This issue affects Duplicate Page and Post: from n/a through 1.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31471
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post allows Stored XSS. This issue affects Duplicate Page and Post: from n/a through 1.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31472 - Flatty Stored Cross-Site Scripting
CVE ID : CVE-2025-31472
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31472
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31473 - WordPress Database Optimizer Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-31473
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31473
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31474 - Matthewprice1178 WP Database Optimizer CSRF Vulnerability
CVE ID : CVE-2025-31474
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31474
Published : March 28, 2025, 12:15 p.m. | 1 hour, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-11504 - Streamsoft Prestiż SQL Injection
CVE ID : CVE-2024-11504
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-11504
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker. This issue was fixed in 18.1.376.37 version of the software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-7407 - Streamsoft Prestiż Password Encoding Algorithm Weakness
CVE ID : CVE-2024-7407
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are transformed. This issue was fixed in 18.2.377 version of the software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-7407
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are transformed. This issue was fixed in 18.2.377 version of the software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2908 - MeetMe Credentials Exposure
CVE ID : CVE-2025-2908
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2908
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2909 - DuoxMe Insecure Binary Decryption
CVE ID : CVE-2025-2909
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2909
Published : March 28, 2025, 1:15 p.m. | 44 minutes ago
Description : The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...