CVE ID : CVE-2025-13378 Published : Nov. 27, 2025, 10:15 a.m. | 1 hour, 22 minutes ago Description : The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers […]
CVE ID : CVE-2025-12584 Published : Nov. 27, 2025, 10:15 a.m. | 1 hour, 22 minutes ago Description : The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the ‘wqv_popup_content’ AJAX endpoint due to insufficient restrictions on which products can be included. This makes […]
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world.Criminals are getting crea … Read more Published Date: Nov 27, […]
CVE ID : CVE-2025-13536 Published : Nov. 27, 2025, 9:15 a.m. | 19 minutes ago Description : The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution […]
CVE ID : CVE-2025-13441 Published : Nov. 27, 2025, 6:42 a.m. | 38 minutes ago Description : The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the admin_init hook that executes wp_cache_flush(). […]
CVE ID : CVE-2025-13157 Published : Nov. 27, 2025, 6:42 a.m. | 38 minutes ago Description : The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the ‘qode_wishlist_for_woocommerce_wishlist_table_item_callback’ function due to missing validation on a user controlled key. This makes it […]
CVE ID : CVE-2025-13525 Published : Nov. 27, 2025, 6:15 a.m. | 1 hour, 5 minutes ago Description : The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order_by’ parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for […]
CVE ID : CVE-2025-13143 Published : Nov. 27, 2025, 6:15 a.m. | 1 hour, 5 minutes ago Description : The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the […]
The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user […]
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ’email-text’ parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully […]
