CVE-2025-3870 - "1 Decembrie 1918 WordPress CSRF"
CVE ID : CVE-2025-3870
Published : April 25, 2025, 9:15 a.m. | 3 hours, 27 minutes ago
Description : The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3870
Published : April 25, 2025, 9:15 a.m. | 3 hours, 27 minutes ago
Description : The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1565 - WordPress Mayosis Core Plugin Arbitrary File Read Vulnerability
CVE ID : CVE-2025-1565
Published : April 25, 2025, 10:15 a.m. | 2 hours, 27 minutes ago
Description : The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1565
Published : April 25, 2025, 10:15 a.m. | 2 hours, 27 minutes ago
Description : The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-11917 - Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin
CVE ID : CVE-2024-11917
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-11917
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2470 - Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability
CVE ID : CVE-2025-2470
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2470
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2986 - IBM Maximo Asset Management Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2986
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2986
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3912 - WordPress WS Form LITE Unauthorized Data Access Vulnerability
CVE ID : CVE-2025-3912
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3912
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3625 - Moodle Authentication Bypass
CVE ID : CVE-2025-3625
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3625
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3627 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3627
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3627
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3628 - Moodle Anonymous Assignment De-Anonymization Vulnerability
CVE ID : CVE-2025-3628
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3628
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3635 - Moodle CSRF Tour Duplicating Vulnerability
CVE ID : CVE-2025-3635
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3635
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3636 - Moodle RSS Feed Access Vulnerability
CVE ID : CVE-2025-3636
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3636
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3637 - Moodle CSRF Information Disclosure
CVE ID : CVE-2025-3637
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3637
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3638 - Moodle CSRF in Brickfield Tool
CVE ID : CVE-2025-3638
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3638
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3640 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3640
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3640
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3641 - Moodle Dropbox Repository Remote Code Execution Vulnerability
CVE ID : CVE-2025-3641
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3641
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3642 - Moodle EQUELLA Remote Code Execution Vulnerability
CVE ID : CVE-2025-3642
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3642
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3643 - Moodle Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-3643
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3643
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3644 - Moodle Course Section Deletion Privilege Escalation Vulnerability
CVE ID : CVE-2025-3644
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3644
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3645 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3645
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3645
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3647 - Moodle Information Disclosure
CVE ID : CVE-2025-3647
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3647
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43016 - JetBrains Rider Unvalidated Archive Unpacking Vulnerability
CVE ID : CVE-2025-43016
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43016
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...