The WooCommerce mobile phone registration plugin has an authentication bypass vulnerability allowing unauthenticated attackers to log in as any user, including administrators, with EPSS 0.42%.
The RegistrationMagic WordPress plugin up to version 6.0 allows unauthenticated privilege escalation, enabling attackers to create admin accounts and take over WordPress sites.
SQL injection in FeMiner Warehouse Management System's /src/chkuser.php endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. The flaw affects all versions up to commit 9cad1f1b179a98b9547fd003c23b07c7594775fa and enables attackers to potentially read, modify, or delete sensitive warehouse data.
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. [CVSS 5.3 MEDIUM]
A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. [CVSS 5.3 MEDIUM]
A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. [CVSS 5.3 MEDIUM]
Demo Importer Plus (WordPress plugin) is affected by improper restriction of xml external entity reference (CVSS 7.5).
Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthenticated attackers can crash the server by sending specially crafted packets. This vulnerability requires no user interaction and is easily exploitable over the network, though no patch is currently available. Organizations running affected versions should implement network-level mitigations to restrict access to the vulnerable service.
The Gutenberg Thim Blocks - Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. [CVSS 6.5 MEDIUM]
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. [CVSS 6.5 MEDIUM]
Stored cross-site scripting in the Team Section Block plugin for WordPress through version 2.0.0 allows authenticated contributors and above to inject malicious scripts into pages by manipulating social network link URLs due to improper input sanitization and output escaping. When users visit affected pages, the injected scripts execute in their browsers, potentially compromising site security and user data. An unpatched WordPress installation with this plugin poses a persistent attack vector for authenticated users with lower privilege levels.
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
Teamwork Management System versions up to 2.28.0. is affected by server-side request forgery (ssrf) (CVSS 6.3).
Unrestricted file upload in Teamwork Management System (TMS) versions up to 2.28.0 allows authenticated attackers to upload malicious files by manipulating the filename parameter in the FileController. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for organizations using affected versions.
A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. [CVSS 3.5 LOW]
A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. [CVSS 3.5 LOW]
Feeds for YouTube Pro (WordPress plugin) versions up to 2.6.0 is affected by path traversal (CVSS 5.9).
Quick Contact Form (WordPress plugin) versions up to 8.2.6. is affected by improper input validation (CVSS 5.8).
SQL injection in the REST authentication endpoint of risesoft-y9 Digital-Infrastructure up to version 9.6.7 allows unauthenticated remote attackers to manipulate input parameters and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification. The attack requires no user interaction and can compromise data confidentiality, integrity, and availability.
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint (`wppaypalcheckout_ajax_process_order`) that processes checkout results without any authentication or server-side verification of the PayPal transaction. This makes it possible for unauthenticated attackers to create arbitrary orders on the site with any chosen transaction ID, payment status, p...
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true on line 199. This makes it possible for unauthenticated attackers to manipulate payment callbacks and modify order statuses by sending forged payment notifications via the `/wp-json/paygent/v1/che...
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval() function in all versions up to, and including, 1.5.6. [CVSS 5.3 MEDIUM]
The Spin Wheel WordPress plugin through version 2.1.0 fails to validate prize selection on the server side, allowing unauthenticated attackers to manipulate the 'prize_index' parameter and arbitrarily select high-value prizes. This input validation flaw enables attackers to bypass the intended randomization mechanism and consistently win premium rewards. No patch is currently available for affected installations.
User Registration Using Contact Form 7 (WordPress plugin) is affected by missing authorization (CVSS 5.3).
The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_customer_info' AJAX action to unauthenticated users without proper capability checks, relying only on a nonce for protection. This makes it possible for unauthenticated attackers to retrieve sensitive customer information including full names, addresses, phone numbers, and email addresses by providing...
All-in-One Dynamic Content Framework versions up to 1.1.27 is affected by information exposure (CVSS 5.3).
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]
Secure Access versions before 14.20 contain a stored cross-site scripting vulnerability that allows administrators to inject malicious scripts into the console interface. An authenticated admin can exploit this to interfere with other administrators' sessions and potentially steal sensitive information through the compromised console. The vulnerability requires high privileges and user interaction but can impact multiple administrators due to its scope across the application.
Stored XSS in the Integrate Dynamics 365 CRM WordPress plugin through version 1.1.1 allows authenticated administrators to inject malicious scripts into plugin settings due to inadequate input sanitization. An attacker with admin privileges can execute arbitrary JavaScript that runs whenever users access affected pages. No patch is currently available.
The CM E-Mail Blacklist plugin for WordPress through version 1.6.2 contains a stored XSS vulnerability in the 'black_email' parameter due to inadequate input sanitization and output escaping. Authenticated administrators can inject arbitrary JavaScript that executes for all users accessing affected pages, though exploitation is limited to multi-site installations or those with unfiltered_html disabled. No patch is currently available.
The Filr - Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. [CVSS 4.4 MEDIUM]
Authenticated attackers with Subscriber-level privileges can upload malicious signatures to arbitrary orders in the RepairBuddy WordPress plugin (versions up to 4.1116) due to missing capability checks, allowing them to modify order metadata and trigger unauthorized status changes. The vulnerability stems from insufficient access controls on the signature upload handler and requires only basic user authentication to exploit. Patch availability is not currently provided for this integrity-impacting vulnerability.
Phrase TMS Integration for WordPress (WordPress plugin) is affected by missing authorization (CVSS 4.3).
Secure Access versions up to 14.20 is affected by insertion of sensitive information into log file (CVSS 3.4).
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' parameter. [CVSS 2.2 LOW]
Kodbox versions up to 1.61.10 contain a command injection vulnerability in the compression handler component that allows authenticated remote attackers to execute arbitrary commands with network access. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
Bastillion up to version 4.0.1 contains a command injection vulnerability in the System Management Module that allows remote attackers with high privileges to execute arbitrary commands. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. The impact is limited to low-level confidentiality, integrity, and availability compromise.
Command injection in Bastillion's public key management system (versions up to 4.0.1) allows remote attackers with high privileges to execute arbitrary commands through the AuthKeysKtrl.java component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor. The attack requires network access and high-level authentication but carries minimal complexity once access is obtained.