Security Vulnerabilities - CVEs Published In May 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aptivadadev Aptivada for WP allows DOM-Based XSS. This issue affects Aptivada for WP: from n/a through 2.0.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-05-16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-05-16
Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-05-16
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce allows Stored XSS. This issue affects Import Export For WooCommerce: from n/a through 1.6.2.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-05-16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-16
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6.
CVSS Score
9.3
EPSS Score
0.0
Published
2025-05-16
Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-16
Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-16