A remote code execution vulnerability in IDF (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
A security vulnerability in for WordPress is vulnerable to Full Path Disclosure in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Retrieve Embedded Sensitive Data. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
A remote code execution vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.
Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4.
A security vulnerability in Missing Authorization vulnerability in bobbingwide oik (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
A security vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.
A security vulnerability in Missing Authorization vulnerability in taskbuilder Taskbuilder (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.
A remote code execution vulnerability (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.
A security vulnerability in Missing Authorization vulnerability in viralloops Viral Loops WP Integration (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.
A security vulnerability in Missing Authorization vulnerability in whassan KI Live Video Conferences (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.
A remote code execution vulnerability in IDF (CVSS 5.1). Remediation should follow standard vulnerability management procedures.
The wallet has an authentication bypass vulnerability that allows access to specific pages.
A security vulnerability in add-ons (CVSS 5.0). Remediation should follow standard vulnerability management procedures.
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0.
Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
A security vulnerability in SystemUI (CVSS 4.8) that allows access. Remediation should follow standard vulnerability management procedures.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.
CVE-2025-48904 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.
Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7.
A security vulnerability in Cozmoslabs Profile Builder allows Phishing (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
A security vulnerability in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13.
Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8.
A security vulnerability in Missing Authorization vulnerability in sergiotrinity Trinity Audio (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
A security vulnerability in Missing Authorization vulnerability in cmoreira Team Showcase (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
A security vulnerability in Missing Authorization vulnerability in cmoreira Testimonials Showcase (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.
A security vulnerability in Missing Authorization vulnerability in eleopard Behance Portfolio Manager (CVSS 4.3). Remediation should follow standard vulnerability management procedures.