Tagged: Cybersecurity Alert

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the...

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization. More information : https://www.ibm.com/support/pages/node/7249061

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request...

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when –dns-updown is in use More information : https://community.openvpn.net/Security%20Announcements/CVE-2025-10680

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This...

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce verification on the `login_form_indieauth()` function and the authorization endpoint...

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration...

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pricelist’ shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output...

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including,...

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the ‘mioptions.php’...

The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘nginxcacheoptimizer-blacklist-update’ AJAX action in all versions up to, and including, 1.1. This...

The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘qnotsquiz_custom_start_text’ parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...

The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible...

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘ai_scan_result_remove’ function in all versions up to, and including, 1.0.12. This makes...