CVE-2025-3404 – “WordPress Download Manager Arbitrary File Deletion Vulnerability”
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote […]
CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”
The following table lists the changes that have been made to the CVE-2021-4455 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Apr. 19, 2025 Action […]
CVE-2025-3797 – SeaCMS SQL Injection Vulnerability
The following table lists the changes that have been made to the CVE-2025-3797 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Apr. 19, 2025 Action […]
CVE-2025-2111 – WordPress Insert Headers And Footers CSRF
CVE ID: CVE-2025-2111 | Published: April 19, 2025, 6:15 a.m. | Description: The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the ‘custom_plugin_set_option’ function. This makes it possible […]
CVE-2025-3809 – WordPress Debug Log Manager Stored Cross-Site Scripting
CVE ID: CVE-2025-3809 | Published: April 19, 2025, 6:15 a.m. | Description: The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE-2024-13926 – WordPress WP-Syntax Regular Expression Denial of Service (DoS)
CVE ID: CVE-2024-13926 | Published: April 19, 2025, 6:15 a.m. | Description: The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS. […]
CVE-2025-3103 – Elementor CLEVER WordPress File Read Vulnerability
CVE ID: CVE-2025-3103 | Published: April 19, 2025, 5:15 a.m. | Description: The CLEVER – HTML5 Radio Player With History – Shoutcast and Icecast – Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the ‘history.php’ file in all versions up […]
CVE-2025-3275 – Themesflat Addons For Elementor Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-3275 | Published: April 19, 2025, 4:15 a.m. | Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes […]
CVE-2025-1457 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-1457 | Published: April 19, 2025, 4:15 a.m. | Description: The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and […]
CVE-2025-1093 – WordPress AIHub Theme Remote Code Execution File Upload Vulnerability
CVE ID: CVE-2025-1093 | Published: April 19, 2025, 4:15 a.m. | Description: The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload […]