CVE-2025-64219
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through
Tagged: Cybersecurity Alert
CVE-2025-64208
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TieLabs Jannah – Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah – Extensions: from n/a through
CVE-2025-64210
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through
CVE-2025-64201
Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through
CVE-2025-64202
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6. More information : https://vdp.patchstack.com/database/Wordpress/Theme/sahifa/vulnerability/wordpress-sahifa-theme-5-8-6-cross-site-scripting-xss-vulnerability
CVE-2025-64204
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through
CVE-2025-64197
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1. More information : https://vdp.patchstack.com/database/Wordpress/Theme/rehub-theme/vulnerability/wordpress-rehub-theme-19-9-9-1-cross-site-scripting-xss-vulnerability
CVE-2025-64199
Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through
CVE-2025-64200
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through
CVE-2025-60075
Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from n/a through
CVE-2025-64194
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through
CVE-2025-64195
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from n/a through
CVE-2025-58711
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through
CVE-2025-58939
Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through