Tagged: Cybersecurity Alert

22/10/2025

CVE-2025-49917

Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through

22/10/2025

Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through

22/10/2025

CVE-2025-49921

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CrocoBlock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through

22/10/2025

CVE-2025-49901

Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1. More information : https://vdp.patchstack.com/database/Wordpress/Plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-plugin-14-8-1-broken-authentication-vulnerability

22/10/2025

CVE-2025-49903

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through

22/10/2025

CVE-2025-49906

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through

22/10/2025

CVE-2025-49907

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through

22/10/2025

CVE-2025-49908

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through

22/10/2025

CVE-2025-49910

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through

22/10/2025

CVE-2025-49899

Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through

22/10/2025

CVE-2025-48338

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion.This issue affects WP Abstracts: from n/a through

22/10/2025

CVE-2025-49060

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through < 1.1.3. More information : https://vdp.patchstack.com/database/Wordpress/Theme/wastia/vulnerability/wordpress-wastia-theme-1-1-3-arbitrary-file-upload-vulnerability

22/10/2025

CVE-2025-49373

Cross-Site Request Forgery (CSRF) vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery.This issue affects Evergreen Content Poster: from n/a through

22/10/2025

CVE-2025-49374

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through

Tagged: Cybersecurity Alert

CVE-2025-49917

CVE-2025-49920

CVE-2025-49921

CVE-2025-49901

CVE-2025-49903

CVE-2025-49906

CVE-2025-49907

CVE-2025-49908

CVE-2025-49910

CVE-2025-49899

CVE-2025-48338

CVE-2025-49060

CVE-2025-49373

CVE-2025-49374

Recent Posts

Categories

Tagged: Cybersecurity Alert

Recent Posts

Categories

Tags