CVE-2025-20059 impacts Ping Identity

CVE-2025-20059 represents a critical security vulnerability known as a Relative Path Traversal flaw, which impacts the Ping Identity PingAM Java Policy Agent. This vulnerability allows for parameter i …

Published Date: Mar 01, 2025

Vulnerabilities mentioned in this article: CVE-2025-27364, CVE-2025-20059

CVE-2024-13833 – WordPress Gallery Plugin PHP Object Injection Vulnerability

CVE ID: CVE-2024-13833

Published: March 1, 2025, 12:15 p.m.

Description: The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with […]

CVE-2024-53675: PoC Exploit Released for HPE Insight RS XML Injection Flaw

Security researcher Robin recently disclosed details and PoC exploit code for an XML external entity injection (XXE) vulnerability, tracked as CVE-2024-53675, affecting HPE Insight Remote Support (In …

Published Date: Mar 01, 2025

Vulnerabilities mentioned in […]

CVE-2025-1786 – Rizin PDB Buffer Overflow Vulnerability

The following table lists the changes that have been made to the CVE-2025-1786 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

New CVE received Mar. 01, 2025. Action […]

CVE-2024-13546 – GenerateBlocks WordPress Sensitive Information Exposure

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the ‘get_image_description’ function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.

CVE-2025-1291 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting Vulnerability

The following table lists the changes that have been made to the CVE-2025-1291 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

New CVE received Mar. 01, 2025. Action […]

CVE-2024-13910 – WordPress Database Backup and Check Tables Automated With Scheduler Plugin File Deletion Vulnerability (Arbitrary File Deletion)

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘database_backup_ajax_delete’ function in all versions up to, and including, 2.35. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the […]

CVE-2024-13611 – Better Messages WordPress Plugin Sensitive Information Exposure

The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the ‘bp-better-messages’ directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file […]