Security Vulnerabilities - CVEs Published In June 2025
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-06-10
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2025-06-10
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-10
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
CVSS Score
9.3
EPSS Score
0.002
Published
2025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-06-10
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
CVSS Score
9.3
EPSS Score
0.002
Published
2025-06-10
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
CVSS Score
9.3
EPSS Score
0.002
Published
2025-06-10