CVE ID : CVE-2025-6378

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5588

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5812

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-6383

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s photonav shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-6538

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5275

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
This issue was partially fixed in version 1.8.6.1 and fully fixed in version 1.8.6.2.

Severity: 4.4 | MEDIUM

CVE ID : CVE-2025-5813

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new products.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-5929

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-5932

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-6540

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-6537

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘playicon_title’ parameter in all versions up to, and including, 1.2.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

CVE ID : CVE-2025-6546

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Quest Software has released urgent security hotfixes addressing four newly discovered vulnerabilities in its KACE Systems Management Appliance (SMA) product line, one of which has been rated with the …

Published Date:
Jun 26, 2025 (2 hours, 57 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-32978

CVE-2025-32977

CVE-2025-32976

CVE-2025-32975

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk advisory on three newly discovered vulnerabilities affecting ControlID iDSecure On-premises, a vehicle access control soft …

Published Date:
Jun 26, 2025 (2 hours, 45 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49853

CVE-2025-49852

CVE-2025-49851

CVE-2024-23917

CVE-2025-36004: IBM i Vulnerability Allows Privilege Escalation

IBM has issued a security advisory addressing a high-severity vulnerability in IBM i, its integrated operating system for Power Systems, which could allow a user to gain elevated privileges by exploit …

Published Date:
Jun 26, 2025 (2 hours, 36 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-36004

CVE-2025-33108

Printer Security Alert: Rapid7 Uncovers Critical Flaws (CVSS 9.8) in Multi Brother Models

In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range of multifunction printers (MFPs) across four major vendors—Brother, FUJIFILM Business …

Published Date:
Jun 26, 2025 (2 hours, 28 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2024-51984

CVE-2024-51983

CVE-2024-51982

CVE-2024-51981

CVE-2024-51980

CVE-2024-51979

CVE-2024-51978

CVE-2024-51977

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning users of multiple high-impact vulnerabilities discovered in MICROSENS NMP Web+, a widely used network …

Published Date:
Jun 26, 2025 (2 hours, 22 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49153

CVE-2025-49152

CVE-2025-49151

CVE-2023-48238

CVE-2023-37266

CVE-2025-49144 Privilege Escalation via Notepad++ Installer

Overview: CVE-2025-49144 is a high-severity local privilege escalation vulnerability identified in Notepad++ versions 8.8.1 and earlier. The flaw stems from an insecure executable loadi …

Published Date:
Jun 26, 2025 (1 hour, 29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49144

CISA Catalog Update-June 25, 2025

Executive Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting three …

Published Date:
Jun 26, 2025 (50 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-49144

CVE-2024-54085

CVE-2024-0769

CVE-2019-6693

Firefox 140 Released With Fix for Code Execution Vulnerability – Update Now

Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution. The update patches twel …

Published Date:
Jun 26, 2025 (29 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-6436

CVE-2025-6431

CVE-2025-6430

CVE-2025-6428

CVE-2025-6427

CVE-2025-6426

CVE-2025-6425

CVE-2025-6424