Tagged: Cybersecurity Alert

31/12/2025

CVE-2025-49340

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0. More information : https://vdp.patchstack.com/database/wordpress/plugin/direct-payments-wp/vulnerability/wordpress-direct-payments-wp-plugin-1-3-0-sensitive-data-exposure-vulnerability?_s_id=cve

31/12/2025

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through...

31/12/2025

CVE-2025-59138

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6. More information : https://vdp.patchstack.com/database/wordpress/theme/genemy/vulnerability/wordpress-genemy-theme-1-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

31/12/2025

CVE-2025-49339

Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0. More information : https://vdp.patchstack.com/database/wordpress/plugin/direct-payments-wp/vulnerability/wordpress-direct-payments-wp-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve

31/12/2025

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured...

31/12/2025

CVE-2025-63040

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11. More information : https://vdp.patchstack.com/database/wordpress/plugin/post-snippets/vulnerability/wordpress-post-snippets-plugin-4-0-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62751

Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24. More information : https://vdp.patchstack.com/database/wordpress/theme/vireo/vulnerability/wordpress-vireo-theme-1-0-24-broken-access-control-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62755

Unauthenticated Broken Access Control in GS Portfolio for Envato

31/12/2025

CVE-2025-63004

Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through 1.14. More information : https://vdp.patchstack.com/database/wordpress/plugin/all-in-one-accessibility/vulnerability/wordpress-all-in-one-accessibility-plugin-1-14-broken-access-control-vulnerability?_s_id=cve

31/12/2025

CVE-2025-63014

Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/grand-media/vulnerability/wordpress-gmedia-photo-gallery-plugin-1-24-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62143

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163. More information : https://vdp.patchstack.com/database/wordpress/plugin/video-playlist-and-gallery-plugin/vulnerability/wordpress-post-video-players-plugin-1-163-sensitive-data-exposure-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62148

Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1. More information : https://vdp.patchstack.com/database/wordpress/plugin/robotstxt-rewrite/vulnerability/wordpress-robots-txt-rewrite-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62150

Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0.6. More information : https://vdp.patchstack.com/database/wordpress/plugin/timeline-awesome/vulnerability/wordpress-history-timeline-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve

31/12/2025

CVE-2025-62154

Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT,...

Tagged: Cybersecurity Alert

CVE-2025-49340

CVE-2025-49352

CVE-2025-59138

CVE-2025-49339

CVE-2025-64699

CVE-2025-63040

CVE-2025-62751

CVE-2025-62755

CVE-2025-63004

CVE-2025-63014

CVE-2025-62143

CVE-2025-62148

CVE-2025-62150

CVE-2025-62154

Recent Posts

Categories

Tagged: Cybersecurity Alert

Recent Posts

Categories

Tags