General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2025-4219 | The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all … | Medium (6.4) | 2025-05-21 | General-Purpose |
| CVE-2025-4217 | The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_y… | Medium (6.4) | 2025-05-21 | General-Purpose |
| CVE-2025-4105 | The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on… | Medium (5.4) | 2025-05-21 | General-Purpose |
| CVE-2025-48414 | There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts… | Medium (6.5) | 2025-05-21 | General-Purpose |
| CVE-2025-48413 | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The c… | High (7.7) | 2025-05-21 | General-Purpose |