CVE-2024-49655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in reputeinfosystems ARPrice arprice allows SQL Injection.This issue affects ARPrice: from n/a through = 4.1.3...

CVE-2024-49300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-51818

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through = 6.4.3...

CVE-2024-53740

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card: from n/a through 2.9.1...

CVE-2025-22700

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through 3.1.3...

CVE-2025-22699

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through 3.1.2...

PT-2025-4633 · Unknown · Notfound Traveler Code

Name of the Vulnerable Software and Affected Versions: NotFound Traveler Code versions n/a through 3.1.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows malicious SQL commands to be executed...

CVE-2025-24781

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1...

CVE-2025-24620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through = 1.3...

CVE-2025-23923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through = 0.999...

CVE-2025-23819

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Marco Milesi WP Cloud cloud allows Absolute Path Traversal.This issue affects WP Cloud: from n/a through = 1.4.3...

CVE-2025-23599

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aarvansh Infotech eMarksheet emarksheet allows Reflected XSS.This issue affects eMarksheet: from n/a through = 5.4.3...

CVE-2025-23755

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through = 2.6.1...

CVE-2025-23685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through = 0.0.2...

CVE-2025-23561

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robertkay MLL Audio Player MP3 Ajax music-let-loose-mp3-audio-player allows Stored XSS.This issue affects MLL Audio Player MP3 Ajax: from n/a through = 0.7...

CVE-2025-22701

Server-Side Request Forgery SSRF vulnerability in shinetheme Traveler Layout Essential For Elementor traveler-layout-essential-for-elementor.This issue affects Traveler Layout Essential For Elementor: from n/a through 1.4...

CVE-2024-43333

Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements ASE Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements ASE Pro: from n/a through 7.6.2.1...

PT-2025-5202 · Unknown · Notfound Lockets

Name of the Vulnerable Software and Affected Versions: NotFound Lockets versions n/a through 0.999 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. Recommendations: For versions n/a...

PT-2025-5117 · WordPress · Notfound Wp Cloud

Name of the Vulnerable Software and Affected Versions: NotFound WP Cloud versions 1.4.3 and earlier Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', allowing Absolute Path Traversal. This enables unauthorized acce...

PT-2025-5450 · Unknown · Notfound Aio Shortcodes

Name of the Vulnerable Software and Affected Versions: NotFound AIO Shortcodes versions 1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the...