Tagged: Cybersecurity Alert

22/09/2025

CVE-2025-58010

Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert allows Cross Site Request Forgery. This issue affects SV Proven Expert: from n/a through 2.0.06. More information : https://patchstack.com/database/wordpress/plugin/sv-provenexpert/vulnerability/wordpress-sv-proven-expert-plugin-2-0-06-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58011

Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery. This issue affects Content Mask: from n/a through 1.8.5.2. More information : https://patchstack.com/database/wordpress/plugin/content-mask/vulnerability/wordpress-content-mask-plugin-1-8-5-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58012

Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2. More information : https://patchstack.com/database/wordpress/plugin/content-mask/vulnerability/wordpress-content-mask-plugin-1-8-5-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58000

Missing Authorization vulnerability in memberful Memberful allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberful: from n/a through 1.75.0. More information : https://patchstack.com/database/wordpress/plugin/memberful-wp/vulnerability/wordpress-memberful-plugin-1-75-0-broken-access-control-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58001

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noumaan Yaqoob Compact Archives allows Stored XSS. This issue affects Compact Archives: from n/a through 4.1.0. More information : https://patchstack.com/database/wordpress/plugin/compact-archives/vulnerability/wordpress-compact-archives-plugin-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58002

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Milan Petrovic GD bbPress Tools allows DOM-Based XSS. This issue affects GD bbPress Tools: from n/a through 3.5.3. More information : https://patchstack.com/database/wordpress/plugin/gd-bbpress-tools/vulnerability/wordpress-gd-bbpress-tools-plugin-3-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58003

Missing Authorization vulnerability in javothemes Javo Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Javo Core: from n/a through 3.0.0.266. More information : https://patchstack.com/database/wordpress/plugin/javo-core/vulnerability/wordpress-javo-core-plugin-3-0-0-266-broken-access-control-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58004

Missing Authorization vulnerability in SmartDataSoft DriCub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through 2.9. More information : https://patchstack.com/database/wordpress/theme/dricub-driving-school/vulnerability/wordpress-dricub-theme-2-9-broken-access-control-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58005

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery. This issue affects DriCub: from n/a through 2.9. More information : https://patchstack.com/database/wordpress/theme/dricub-driving-school/vulnerability/wordpress-dricub-theme-2-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

22/09/2025

CVE-2025-58006

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft allows Phishing. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through 1.2.4. More information : https://patchstack.com/database/wordpress/plugin/gf-infusionsoft/vulnerability/wordpress-wp-gravity-forms-keap-infusionsoft-plugin-1-2-4-open-redirection-vulnerability?_s_id=cve

22/09/2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hamid Reza Yazdani E-namad & Shamed Logo Manager allows Stored XSS. This issue affects E-namad & Shamed Logo Manager: from n/a through...

22/09/2025

CVE-2025-57999

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpkoithemes WPKoi Templates for Elementor allows DOM-Based XSS. This issue affects WPKoi Templates for Elementor: from n/a through 3.4.1. More information :...

22/09/2025

CVE-2025-57994

Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Upcoming Events Lists: from n/a through 1.4.0. More information : https://patchstack.com/database/wordpress/plugin/upcoming-events-lists/vulnerability/wordpress-upcoming-events-lists-plugin-1-4-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve

22/09/2025

CVE-2025-57995

Missing Authorization vulnerability in Detheme DethemeKit For Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. More information : https://patchstack.com/database/wordpress/plugin/dethemekit-for-elementor/vulnerability/wordpress-dethemekit-for-elementor-plugin-2-1-10-broken-access-control-vulnerability-2?_s_id=cve

Tagged: Cybersecurity Alert

CVE-2025-58010

CVE-2025-58011

CVE-2025-58012

CVE-2025-58000

CVE-2025-58001

CVE-2025-58002

CVE-2025-58003

CVE-2025-58004

CVE-2025-58005

CVE-2025-58006

CVE-2025-57998

CVE-2025-57999

CVE-2025-57994

CVE-2025-57995

Recent Posts

Categories

Tagged: Cybersecurity Alert

Recent Posts

Categories

Tags