The following table lists the changes that have been made to the CVE-2025-8466 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Aug. 02, 2025 Action […]
CVE ID : CVE-2025-8399 Published : Aug. 2, 2025, 9:15 a.m. | 35 minutes ago Description : The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated […]
CVE ID : CVE-2025-8391 Published : Aug. 2, 2025, 9:15 a.m. | 35 minutes ago Description : The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2025-6832 Published : Aug. 2, 2025, 9:15 a.m. | 35 minutes ago Description : The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘nonce’ parameter in all versions up to, and including, 2.0 due to insufficient […]
CVE ID : CVE-2025-8317 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2025-8212 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied […]
CVE ID : CVE-2025-8152 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘update_cta_status’ and ‘change_sticky_sidebar_name’ functions in all versions up […]
CVE ID : CVE-2025-6754 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a […]
CVE ID : CVE-2025-6626 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and […]
CVE ID : CVE-2025-4588 Published : Aug. 2, 2025, 8:15 a.m. | 1 hour, 35 minutes ago Description : The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sphere’ shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
