CVE-2025-11888

The CVE-2025-11888 entry concerns the WordPress plugin ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution. Affected versions are

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

PT-2025-43708

Name of the Vulnerable Software and Affected Versions ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.5 Description The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress has a flaw that allo...

CVE-2025-59007

Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...

EUVD-2025-35441

Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...

CVE-2025-59007

Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...

CVE-2025-58961

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through = 2.4...

CVE-2025-59007

CVE-2025-59007 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin TF Woo Product Grid Addon For Elementor (tf-woo-product-grid) up to version 1.0.1. The issue enables Object Injection due to unsafe deserialization of data, with the public records indicating a high...

CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...

CVE-2025-58961

CVE-2025-58961 is a DOM-based XSS vulnerability in the WordPress CF7 Auto Responder Addon (CF7-autoresponder-addon), affecting versions up to and including 2.4. The issue arises from improper input handling during web page generation, enabling cross-site scripting. Public writeups from CNVD, RH, ...

CVE-2025-11086

Summary of CVE-2025-11086 (Academy LMS Pro for WordPress) : The plugin up to version 3.3.7 is vulnerable to unauthenticated privilege escalation during user registration via the Social Login addon. The root cause is improper validation of the user’s role before registering the new user, allowing ...

CVE-2025-11086 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

CVE-2025-11086 Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

Security Bulletin: IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability (CVE-2025-10725)

Summary IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability in the Red Hat Openshift AI operator. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full...

PT-2025-43277

Name of the Vulnerable Software and Affected Versions kamleshyadav CF7 Auto Responder Addon versions through 2.4 Description The kamleshyadav CF7 Auto Responder Addon contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS...

CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

CVE-2025-55087

Summary of CVE-2025-55087 (CVE-2025-55087) : The vulnerability affects NextX Duo’s SNMP addon (part of Eclipse ThreadX) in versions prior to 6.4.4. An attacker could trigger an out-of-bounds read by sending crafted SNMPv3 security parameters. Public data from NVD and other sources describe the sa...

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...