CVE-2025-6335 - DedeCMS Template Handler Command Injection Vulnerability
CVE ID : CVE-2025-6335
Published : June 20, 2025, 11:15 a.m. | 58 minutes ago
Description : A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52710 - Ninja Team File Manager Pro Cross-site Scripting (XSS)
CVE ID : CVE-2025-52710
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52711 - BoldGrid Post and Page Builder CSRF
CVE ID : CVE-2025-52711
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52713 - BoldGrid Post and Page Builder SSRF
CVE ID : CVE-2025-52713
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52715 - RadiusTheme Classified Listing PHP Remote File Inclusion Vulnerability
CVE ID : CVE-2025-52715
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52719 - Metagauss ProfileGrid Information Exposure Vulnerability
CVE ID : CVE-2025-52719
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through 5.9.5.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52733 - Anonform Ab ANON::form DOM-Based Cross-site Scripting Vulnerability
CVE ID : CVE-2025-52733
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through 1.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52772 - Adnan Haque (a11n) Virtual Moderator CSRF/XSS
CVE ID : CVE-2025-52772
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52780 - Logo Manager For Samandehi CSRF Stored XSS
CVE ID : CVE-2025-52780
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through 0.5.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52781 - Beee TinyNav CSRF Stored XSS
CVE ID : CVE-2025-52781
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52782 - King Rayhan Scroll UP Cross-site Scripting Vulnerability
CVE ID : CVE-2025-52782
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52783 - WooCommerce Change Cart Button Colors CSRF Stored XSS
CVE ID : CVE-2025-52783
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52784 - Hideoguchi Bluff Post CSRF Stored XSS
CVE ID : CVE-2025-52784
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post allows Stored XSS. This issue affects Bluff Post: from n/a through 1.1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52789 - Lewe ChordPress CSRF Stored XSS
CVE ID : CVE-2025-52789
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress allows Stored XSS. This issue affects Lewe ChordPress: from n/a through 3.9.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52790 - WP-DownloadCounter CSRF Stored XSS
CVE ID : CVE-2025-52790
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter allows Stored XSS. This issue affects WP-DownloadCounter: from n/a through 1.01.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52791 - Devfelixmoira Knowledge Base Maker CSRF Stored XSS
CVE ID : CVE-2025-52791
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52792 - Vgstef WP User Stylesheet Switcher CSRF Stored XSS
CVE ID : CVE-2025-52792
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52793 - Esselink.nu CSRF and XSS
CVE ID : CVE-2025-52793
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings allows Reflected XSS. This issue affects Esselink.nu Settings: from n/a through 2.94.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52794 - Creative-Solutions Creative Contact Form CSRF Stored XSS
CVE ID : CVE-2025-52794
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form allows Stored XSS. This issue affects Creative Contact Form: from n/a through 1.0.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52795 - Aharonyan WP Front User Submit/Front Editor CSRF
CVE ID : CVE-2025-52795
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52802 - EnguerranWS Import YouTube videos as WP Posts Missing Authorization Vulnerability
CVE ID : CVE-2025-52802
Published : June 20, 2025, 3:15 p.m. | 58 minutes ago
Description : Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Import YouTube videos as WP Posts: from n/a through 2.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...