NuytsTech Security

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the...

CVE-2025-3662

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of...

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

CVE-2025-31712

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. Assigner : security@unisoc.com...

CVE-2025-31711

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. Assigner : security@unisoc.com More information :...

CVE-2025-31710

In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. Assigner : security@unisoc.com More information :...

CVE-2025-4797

The Golo – City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not...

CVE-2025-4224

The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output...