116 matches found
VulnCheck KEV: CVE-2025-32257
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7...
CVE-2026-30578
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code...
EUVD-2026-13742
File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...
EUVD-2026-13732
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code...
File Thingie security vulnerability
File Thingie is a file manager personally developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from improper handling of special filenames during the upload file function. This vulnerability may lead to cross-site scripting attacks...
CVE-2026-30580
File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...
File Thingie security vulnerability
File Thingie is a file manager developed by Frances Leese. Version 2.5.7 of File Thingie has a security vulnerability, which stems from improper handling of the dir parameter in GET requests, potentially leading to cross-site scripting attacks...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
EUVD-2025-205721
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Discussion Board: from n/a through <= 2.5.7...
CVE-2025-69023
Technical details about CVE-2025-69023 are not provided in the supplied documents. No affected product version, impact, or remediation specifics are disclosed here; monitor for updates in the referenced sources.
CVE-2025-69023 WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Discussion Board: from n/a through <= 2.5.7...
WordPress plugin Discussion Board security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugi...
PT-2025-53904
Name of the Vulnerable Software and Affected Versions: Marketing Fire Discussion Board wp-discussion-board versions through 2.5.7. Description: An authorization issue exists in Marketing Fire Discussion Board wp-discussion-board, allowing exploitation due to incorrectly configured access control...
CVE-2023-53942
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability discovered by zer0gh0st in WordPress Plugin WidgetKit versions <= 2.5.6...
EUVD-2025-34142
The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attacks...
CVE-2025-8594
The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attacks...
CVE-2025-8594
The CVE-2025-8594 entry describes a server-side request forgery (SSRF) vulnerability in the WordPress plugin Pz-LinkCard, versions prior to 2.5.7. The issue arises because a request parameter is not validated before being used, allowing users with Contributor privileges or higher to trigger SSRF a...