CVE-2024-13807 - Xagio SEO Plugin for WordPress Sensitive Information Exposure
CVE ID : CVE-2024-13807
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract sensitive data from backups which can include the entire database and site's files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-13807
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract sensitive data from backups which can include the entire database and site's files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7955 - RingCentral Communications WordPress Authentication Bypass
CVE ID : CVE-2025-7955
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7955
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7956 - Apache Ajax Search Lite Information Exposure Vulnerability
CVE ID : CVE-2025-7956
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7956
Published : Aug. 28, 2025, 6:15 a.m. | 27 minutes ago
Description : The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6255 - WooCommerce Dynamic AJAX Product Filters Stored Cross-Site Scripting
CVE ID : CVE-2025-6255
Published : Aug. 28, 2025, 7:15 a.m. | 3 hours, 27 minutes ago
Description : The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6255
Published : Aug. 28, 2025, 7:15 a.m. | 3 hours, 27 minutes ago
Description : The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8073 - WooCommerce Dynamic AJAX Product Filters Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8073
Published : Aug. 28, 2025, 7:15 a.m. | 3 hours, 27 minutes ago
Description : The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8073
Published : Aug. 28, 2025, 7:15 a.m. | 3 hours, 27 minutes ago
Description : The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58322 - NAVER MYBOX Explorer Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-58322
Published : Aug. 28, 2025, 8:15 a.m. | 2 hours, 28 minutes ago
Description : NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary commands due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58322
Published : Aug. 28, 2025, 8:15 a.m. | 2 hours, 28 minutes ago
Description : NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary commands due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53588 - UKR Solution UPC/EAN/GTIN Code Generator Path Traversal
CVE ID : CVE-2025-53588
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53588
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54029 - WooCommerce CSV Import Export Path Traversal
CVE ID : CVE-2025-54029
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54029
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54710 - Tiktok Feed Missing Authorization Vulnerability
CVE ID : CVE-2025-54710
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54710
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54714 - Zephyr Project Manager Missing Authorization Vulnerability
CVE ID : CVE-2025-54714
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54714
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54716 - Ovatheme Ireca PHP Remote File Inclusion Vulnerability
CVE ID : CVE-2025-54716
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54716
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54720 - SteelThemes Nest Addons SQL Injection
CVE ID : CVE-2025-54720
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54720
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54724 - Golo Cross-site Scripting (XSS)
CVE ID : CVE-2025-54724
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54724
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54725 - Uxper Golo Authentication Bypass
CVE ID : CVE-2025-54725
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54725
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54731 - YouTube Showcase Object Injection Vulnerability
CVE ID : CVE-2025-54731
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54731
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54733 - Miles All Bootstrap Blocks Authentication Bypass
CVE ID : CVE-2025-54733
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54733
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54734 - BPlugins B Slider Missing Authorization Vulnerability
CVE ID : CVE-2025-54734
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54734
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54738 - NooTheme Jobmonster Authentication Bypass
CVE ID : CVE-2025-54738
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54738
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54742 - Magepeopleteam WpEvently Untrusted Data Deserialization Object Injection Vulnerability
CVE ID : CVE-2025-54742
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54742
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58123 - Checkmk Exchange Plugin SSL/TLS Certificate Validation Vulnerability
CVE ID : CVE-2025-58123
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58123
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58124 - Checkmk Exchange Certificate Validation Bypass
CVE ID : CVE-2025-58124
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58124
Published : Aug. 28, 2025, 1:16 p.m. | 1 hour, 28 minutes ago
Description : Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...