Skip to main content
CVE-2025-10302 MEDIUM This Month

The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9630 MEDIUM This Month

The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify typography settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8669 MEDIUM This Month

The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0876 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc.

XSS
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-10306 LOW Monitor

A arbitrary file access vulnerability in Backup Bolt (CVSS 3.8). Remediation should follow standard vulnerability management procedures.

Information Disclosure WordPress
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-52658 LOW Monitor

A security vulnerability in HCL MyXalytics (CVSS 3.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-61677 LOW PATCH Monitor

DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables (such as DATACHAIN__METASTORE and DATACHAIN__WAREHOUSE) in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads. This issue is fixed in version 0.34.2.

RCE Python Deserialization
NVD GitHub
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-61585 Awaiting Data

Rejected reason: Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. No vendor patch available.

Apache Information Disclosure
NVD
CVE-2025-61671 Awaiting Data

Rejected reason: Further research determined the issue is not an open source vulnerability. No vendor patch available.

Information Disclosure
NVD
CVE-2025-61847 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy