Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce trackship-for-woocommerce allows SQL Injection.This issue affects TrackShip for WooCommerce: from n/a through <= 1.9.1.

Cross-Site Request Forgery (CSRF) vulnerability in Roxnor FundEngine wp-fundraising-donation allows Cross Site Request Forgery.This issue affects FundEngine: from n/a through <= 1.7.3.

Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through <= 1.6.16.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zendesk gf-zendesk allows Phishing.This issue affects WP Gravity Forms Zendesk: from n/a through <= 1.1.2.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Dynamics CRM gf-dynamics-crm allows Phishing.This issue affects WP Gravity Forms Dynamics CRM: from n/a through <= 1.1.4.

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Quantity Dropdown For Woocommerce: from n/a through <= 1.2.

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.13.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Stored XSS.This issue affects Meow Gallery: from n/a through <= 5.2.7.

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9.

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Cross Site Request Forgery.This issue affects Cool Author Box: from n/a through <= 3.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester listamester allows Cross Site Request Forgery.This issue affects Listamester: from n/a through <= 2.3.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through <= 2.7.4.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CC CC BMI Calculator cc-bmi-calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through <= 2.1.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS.This issue affects Progress Bar: from n/a through <= 2.2.3.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue affects WPAdverts: from n/a through <= 2.2.2.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion.This issue affects Download Monitor: from n/a through <= 5.0.22.

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1017.

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.