CVE-2025-9983 - GALAYOU G2 Cameras RTSP Stream Authentication Bypass
CVE ID : CVE-2025-9983
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested, other versions might also be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9983
Published : Sept. 22, 2025, 1:08 p.m. | 2 hours, 13 minutes ago
Description : GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only version 11.100001.01.28 was tested, other versions might also be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59568 - WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE ID : CVE-2025-59568
Published : Sept. 22, 2025, 6:25 p.m. | 56 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59568
Published : Sept. 22, 2025, 6:25 p.m. | 56 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59567 - WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59567
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59567
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59565 - WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59565
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59565
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59562 - WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
CVE ID : CVE-2025-59562
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59562
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59561 - WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59561
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59561
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59559 - WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59559
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59559
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59553 - WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59553
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor: from n/a through 1.0.13.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59553
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor: from n/a through 1.0.13.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59552 - WordPress Save as PDF Plugin <= 4.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59552
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from n/a through 4.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59552
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from n/a through 4.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59551 - WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59551
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in WP Chill Revive.so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through 2.0.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59551
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in WP Chill Revive.so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through 2.0.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59549 - WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59549
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59549
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58992 - WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58992
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58992
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58974 - WordPress WPComplete Plugin <= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58974
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58974
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58973 - WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability
CVE ID : CVE-2025-58973
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects Easy Elementor Addons: from n/a through 2.2.8.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58973
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects Easy Elementor Addons: from n/a through 2.2.8.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58969 - WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58969
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Greg Winiarski Custom Login URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: from n/a through 1.0.2.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58969
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Greg Winiarski Custom Login URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: from n/a through 1.0.2.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58968 - WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58968
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58968
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58965 - WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58965
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58965
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58962 - WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability
CVE ID : CVE-2025-58962
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58962
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58960 - WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58960
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58960
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58957 - WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58957
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58957
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58956 - WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability
CVE ID : CVE-2025-58956
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58956
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...