CVE-2025-6717 – WordPress B1.lt Plugin SQL Injection Vulnerability

CVE ID: CVE-2025-6717
Published: July 18, 2025, 6:15 a.m.
Description: The B1.lt plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the […]

CVE-2025-6222 – “WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet Arbitrary File Upload Vulnerability”

CVE ID: CVE-2025-6222
Published: July 18, 2025, 6:15 a.m.
Description: The WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘ced_rnx_order_exchange_attach_files’ function in all versions up […]

CVE-2025-5811 – Listly: WordPress Unauthenticated Transient Deletion Vulnerability

CVE ID: CVE-2025-5811
Published: July 18, 2025, 6:15 a.m.
Description: The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for […]

CVE-2025-5800 – WordPress Testimonial Post Type Stored Cross-Site Scripting

CVE ID: CVE-2025-5800
Published: July 18, 2025, 6:15 a.m.
Description: The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘auto_play’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for […]

CVE-2025-5767 – WooCommerce Crowdfunding Stored Cross-Site Scripting Vulnerability

CVE ID: CVE-2025-5767
Published: July 18, 2025, 6:15 a.m.
Description: The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible for […]

CVE-2025-5754 – WordPress Useful Tab Block Stored Cross-Site Scripting Vulnerability

CVE ID: CVE-2025-5754
Published: July 18, 2025, 6:15 a.m.
Description: The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This […]

CVE-2025-29572 – Apache Struts Remote Code Execution Vulnerability

The following table lists the changes that have been made to the CVE-2025-29572 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. CVE Rejected by [email protected] Jul. 18, 2025 Action Type […]

CVE-2025-7660 – Map My Locations WordPress Stored Cross-Site Scripting Vulnerability

The following table lists the changes that have been made to the CVE-2025-7660 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Jul. 18, 2025 Action […]

CVE-2025-7638 – Forminator Forms SQL Injection

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the `order_by` parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it […]