CVE ID : CVE-2025-7684 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 18 minutes ago Description : The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the ‘lastfm_albums_artwork.php’ page. This makes it […]
CVE ID : CVE-2025-7683 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 18 minutes ago Description : The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the ‘LatestCheckins’ page. This makes it possible for unauthenticated […]
CVE ID : CVE-2025-7668 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the ‘inux-promotional-plugin.php’ page. This makes it possible […]
CVE ID : CVE-2025-7664 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.0.2. The callback […]
CVE ID : CVE-2025-7651 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ew_hasrole’ shortcode in all versions up to, and including, 1.0.73 due to insufficient input sanitization and output escaping on user supplied attributes. This […]
CVE ID : CVE-2025-7649 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘recent-comments’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user […]
The following table lists the changes that have been made to the CVE-2025-7441 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Aug. 16, 2025 Action […]
CVE ID : CVE-2025-7440 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item[‘button_link’][‘url’] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated […]
CVE ID : CVE-2025-7439 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item[‘button_link’][‘url’]’ parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, […]
CVE ID : CVE-2025-6221 Published : Aug. 16, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
