China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC...
CVE-2025-6717
CVE-2025-6717 affects the B1.lt for WooCommerce plugin (WordPress). The vulnerability is an authenticated SQL Injection via the id parameter in versions up to and including 2.2.56, caused by insufficient escaping of user input and lack of proper SQL query preparation. Exploitation requires Subscr...
CVE-2025-7638
CVE-2025-7638 affects the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder (versions up to and including 1.45.0). The root cause is insufficient escaping and lack of proper SQL query preparation for the user-supplied parameter in the internal query, enabling a ...
VulnCheck KEV: CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2025-6745
The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmartgetpostsbyquery function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from...
CVE-2025-4593
The CVE describes a vulnerability in the WordPress plugin WP Register Profile With Shortcode (versions ≤ 3.6.2) that allows authenticated attackers with Contributor-level access or higher to expose sensitive user meta data via the rp_user_data shortcode. Impact noted includes exposure of hashed p...
CVE-2025-4593 WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
CVE-2024-49783
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2025-6970
Summary: CVE-2025-6970 affects the WordPress plugin “Events Manager” (<= 7.0.3). The vulnerability is a time-based SQL Injection via the orderby parameter caused by insufficient escaping and inadequate query preparation. This allows unauthenticated attackers to append arbitrary SQL to existing...
CVE-2024-49784
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
CVE-2024-49783 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2024-49784
IBM OpenPages with Watson (versions 8.3 and 9.0) contains a cryptographic weakness in the storage of encrypted data using AES-CBC, which could allow an attacker with database or server-file access to extract encrypted values and potentially apply further cryptographic methods to recover plaintext...
CVE-2025-6782
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2025-6437
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2025-6783
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()
The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2025-6739
CVE-2025-6739: WPQuiz for WordPress is vulnerable to SQL Injection via the id attribute of the wpquiz shortcode in all versions up to 0.4.2. The root cause is insufficient escaping of the user-supplied parameter and lack of proper preparation in the SQL query. This allows authenticated attackers ...