Rejected reason: Not used. No vendor patch available.
Rejected reason: Not used. No vendor patch available.
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Mega Elements - Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required. No vendor patch available.
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta). Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.