CVE-2025-57931 - WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-57931
Published : Oct. 29, 2025, 4:15 a.m. | 2 hours, 33 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57931
Published : Oct. 29, 2025, 4:15 a.m. | 2 hours, 33 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64158 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-64158
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64158
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64159 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-64159
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64159
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64160 - Facebook Authentication Bypass
CVE ID : CVE-2025-64160
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64160
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64161 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-64161
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64161
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64162 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-64162
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64162
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64296 - WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability
CVE ID : CVE-2025-64296
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Missing Authorization vulnerability in Facebook Facebook for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through 3.5.7.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64296
Published : Oct. 29, 2025, 4:16 a.m. | 2 hours, 33 minutes ago
Description : Missing Authorization vulnerability in Facebook Facebook for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through 3.5.7.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11705 - Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
CVE ID : CVE-2025-11705
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11705
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49042 - WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-49042
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49042
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62776 - WTW EAGLE DLL Loading Vulnerability (Arbitrary Code Execution)
CVE ID : CVE-2025-62776
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62776
Published : Oct. 29, 2025, 5:15 a.m. | 1 hour, 34 minutes ago
Description : The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9544 - Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation
CVE ID : CVE-2025-9544
Published : Oct. 29, 2025, 6:15 a.m. | 34 minutes ago
Description : The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9544
Published : Oct. 29, 2025, 6:15 a.m. | 34 minutes ago
Description : The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin through 2.5.1 (limited to those whitelisted by the main Doppler Forms WordPress plugin through 2.5.1).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64201 - WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-64201
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64201
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64202 - WordPress Sahifa theme < 5.8.6 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64202
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64202
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64204 - WordPress SmartMag theme <= 10.3.1 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64204
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64204
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64208 - WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64208
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through <= 1.1.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64208
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through <= 1.1.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64210 - WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability
CVE ID : CVE-2025-64210
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64210
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64211 - WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability
CVE ID : CVE-2025-64211
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64211
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64212 - WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
CVE ID : CVE-2025-64212
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64212
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64216 - WordPress SmartMag theme <= 10.3.0 - Local File Inclusion vulnerability
CVE ID : CVE-2025-64216
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64216
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64219 - WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability
CVE ID : CVE-2025-64219
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64219
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64220 - WordPress Rey Core plugin <= 3.1.8 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64220
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64220
Published : 2025年10月29日 09:15 | 1 小时,34 分钟 ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...