EUVD-2025-203265

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

Improper Access Control

mantisbt/mantisbt is vulnerable to improper access control. The vulnerability is due to insufficient access-level checks, which allows an attacker to exploit the Copy From functionality to retrieve column configurations from private projects without authorization...

CVE-2025-13366

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-14571

A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowbook.php. Such manipulation of the argument rollnumber leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-14537

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVE-2025-63067

Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

EUVD-2025-201963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through = 3.6.2...

EUVD-2025-201889

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

CVE-2025-63066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63067

Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63067 WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63067

CVE-2025-63067 concerns a Missing Authorization vulnerability in the WordPress Porto Theme - Functionality plugin (portō-functionality) affecting versions up to 3.6.2. The underlying issue is Incorrectly Configured Access Control, resulting in a Broken Access Control vulnerability that can be exp...

CVE-2025-63067 WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63066 WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63066 WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2025-63066

CVE-2025-63066 affects WordPress Porto Theme - Functionality (porto-functionality) plugin versions

PT-2025-50066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through = 3.6.2...

WordPress plugin Porto Theme - Functionality 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

PT-2025-49578

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0, specifically within the file /newsubject.php. The sub argument is susceptible to SQL injection, allowing for remote...