CVE ID : CVE-2025-5060 Published : Aug. 23, 2025, 7:15 a.m. | 29 minutes ago Description : The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through […]
The following table lists the changes that have been made to the CVE-2025-9357 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Aug. 23, 2025 Action […]
CVE ID : CVE-2025-7813 Published : Aug. 23, 2025, 6:15 a.m. | 1 hour, 29 minutes ago Description : The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxy_image function. This makes it possible for unauthenticated […]
CVE ID : CVE-2025-9131 Published : Aug. 23, 2025, 5:15 a.m. | 21 minutes ago Description : The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2025-9048 Published : Aug. 23, 2025, 5:15 a.m. | 21 minutes ago Description : The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access […]
CVE ID : CVE-2025-8062 Published : Aug. 23, 2025, 5:15 a.m. | 21 minutes ago Description : The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ws_weather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This […]
CVE ID : CVE-2025-7957 Published : Aug. 23, 2025, 5:15 a.m. | 22 minutes ago Description : The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_link_target’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with […]
CVE ID : CVE-2025-7842 Published : Aug. 23, 2025, 5:15 a.m. | 22 minutes ago Description : The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the ‘sil_rss_edit_page’ page. This makes it possible for […]
CVE ID : CVE-2025-7841 Published : Aug. 23, 2025, 5:15 a.m. | 22 minutes ago Description : The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the […]
CVE ID : CVE-2025-7839 Published : Aug. 23, 2025, 5:15 a.m. | 22 minutes ago Description : The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() function. This […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
