Skip to main content
CVE-2025-15526 MEDIUM This Month

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces in error messages. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulner...

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-24089 MEDIUM This Month

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 5.3 MEDIUM]

Apple iOS Iphone Os Ipados
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14793 MEDIUM This Month

The DK PDF - WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. [CVSS 5.0 MEDIUM]

WordPress SSRF
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-51602 MEDIUM This Month

mmstu.c in VideoLAN VLC media player versions up to 3.0.22 is affected by out-of-bounds read (CVSS 4.8).

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20894 MEDIUM This Month

Stored XSS in TOA Corporation TRIFORA 3 network cameras allows authenticated administrators to inject malicious scripts through configuration settings that execute in other administrators' browsers when accessing the settings interface. An attacker with administrative privileges could exploit this to compromise other admin sessions and potentially gain unauthorized access to camera management functions. No patch is currently available for this medium-severity vulnerability.

XSS
NVD
CVSS 3.0
4.8
EPSS
0.0%
CVE-2026-1003 MEDIUM This Month

Unauthorized post deletion in GetGenie for WordPress (versions up to 4.3.0) allows authenticated users with Author-level permissions or higher to delete any post on a site, regardless of authorship, due to insufficient authorization checks. Attackers with basic authenticated access can exploit this to remove content authored by other users without proper privilege verification. No patch is currently available.

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14982 MEDIUM This Month

The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the database, including personally identifiable information (PII) such as names, email addresses, phone numbers, physical addresses, payment status, booking costs, and booking hashes belonging to other u...

WordPress Information Disclosure PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14853 MEDIUM This Month

LEAV Last Email Address Validator (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15527 MEDIUM This Month

WP Recipe Maker (WordPress plugin) versions up to 10.2.2 is affected by information exposure (CVSS 4.3).

WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14384 MEDIUM This Month

The All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1/ai/credits` REST route in all versions up to, and including, 4.9.2. [CVSS 4.3 MEDIUM]

WordPress AI / ML PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15370 MEDIUM This Month

and Prevents Security Breache versions up to 21.0.9 is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-43904 MEDIUM PATCH This Month

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. [CVSS 4.2 MEDIUM]

Authentication Bypass Suse
NVD
CVSS 3.1
4.2
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy