The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access...
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the ‘install_plugin’ function. This...
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin...
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for...
The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmt_sync action...
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This...
The Custom 404 Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘path’ parameter in all versions up to, and including, 3.12.0 due to insufficient escaping on the user supplied parameter...
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/10/
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom – Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘wcdp_save_canvas_design_ajax’...
The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘eps’ shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping...
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/10/
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/10/
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability. More information : https://consumer.huawei.com/en/support/bulletin/2025/10/