
1919 matches found

Vulnrichment
added 2025/07/02 3:47 a.m., 3 views

CVE-2025-6437 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVSS 7.5 | AI score 7.8 | EPSS 0.00327
Exploits: 0 | References: 2

Positive Technologies
added 2025/07/02 12:0 a.m., 2 views

PT-2025-27587 · WordPress · The Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue allows for SQL Injection via the id variable of the getSpace function due to insufficient escaping on the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00327
Exploits: 0 | References: 6

Positive Technologies
added 2025/07/02 12:0 a.m., 2 views

PT-2025-27601 · WordPress · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form plugin for WordPress versions up to and including 2.17.4 Description: The issue allows unauthenticated attackers to extract sensitive data, including files uploaded via a form, due to insufficient directory listin...

CVSS 7.5 | AI score 6.4 | EPSS 0.0032
Exploits: 0 | References: 8

OSV
added 2025/07/01 5:15 p.m., 1 views

UBUNTU-CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

CVSS 8.2 | AI score 7.4 | EPSS 0.00347
Exploits: 0 | References: 3

OSV
added 2025/07/01 12:0 a.m., 8 views

ALSA-2025:10128 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.4 | AI score 7.1 | EPSS 0.01184
Exploits: 14 | References: 12

CNVD
added 2025/06/20 12:0 a.m., 2 views

Patient Record Management System urinalysis_record.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from improper handling of the parameter itrno in the /urinalysis_record.php file. The vulnerability can be exploited by an attacker to...

CVSS 8.8 | AI score 8.3 | EPSS 0.00361
Exploits: 1 | References: 1

Packet Storm News
added 2025/06/19 12:0 a.m., 3 views

Differentiation-Based Extraction of Proprietary Data from Fine-Tuned LLMs

The increasing demand for domain-specific and human-aligned Large Language Models (LLMs) has led to the widespread adoption of Supervised Fine-Tuning (SFT) techniques. SFT datasets often comprise valuable instruction-response pairs, making them highly valuable targets for potential extraction. This...

AI score 7
Exploits: 0

RedhatCVE
added 2025/06/16 7:18 a.m., 6 views

CVE-2025-5487

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the fieldconditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied...

CVSS 7.2 | AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 1

Positive Technologies
added 2025/06/12 12:0 a.m., 3 views

PT-2025-25285 · WordPress · Wordpress Single Sign-On (Sso) Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Single Sign-On (SSO) plugin for WordPress versions prior to 5.3 Description: The issue is related to a misconfigured capability check on a function, allowing unauthorized access. This enables unauthenticated attackers to extract...

CVSS 5.3 | AI score 5.2 | EPSS 0.0025
Exploits: 0 | References: 9

Fedora
added 2025/06/11 2:46 a.m., 4 views

[SECURITY] Fedora 42 Update: LabPlot-2.12.0-3.fc42

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

CVSS 8.4 | AI score 7.3 | EPSS 0.00309
Exploits: 0

CVE
added 2025/06/06 6:42 a.m., 56 views

CVE-2025-5563

CVE-2025-5563 : The WP-Addpub WordPress plugin is vulnerable to SQL Injection in all versions up to and including 1.2.8 via the wp-addpub shortcode. The root cause is insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query. Exploitation requires a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00289
Exploits: 0 | References: 3

Positive Technologies
added 2025/06/06 12:0 a.m., 3 views

PT-2025-24031 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to and including 1.0.0 Description: The issue allows authenticated attackers with Editor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...

CVSS 4.9 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 6

Positive Technologies
added 2025/06/06 12:0 a.m., 3 views

PT-2025-24041 · WordPress · Wp-Addpub

Name of the Vulnerable Software and Affected Versions: WP-Addpub plugin for WordPress versions 1.2.8 and earlier Description: The issue allows authenticated attackers with Contributor-level access or higher to inject SQL queries via the 'wp-addpub' shortcode. This is due to insufficient escaping ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00289
Exploits: 0 | References: 7

Packet Storm News
added 2025/05/30 12:0 a.m., 3 views

Breaking the Gold Standard: Extracting Forgotten Data under Exact Unlearning in Large Language Models

Large language models are typically trained on datasets collected from the web, which may inadvertently contain harmful or sensitive personal information. To address growing privacy concerns, unlearning methods have been proposed to remove the influence of specific data from trained models. Of...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/05/23 10:45 a.m., 5 views

CVE-2024-9540

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | AI score 6.5 | EPSS 0.0039
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:42 a.m., 12 views

CVE-2024-9156

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...

CVSS 7.5 | AI score 7.5 | EPSS 0.00391
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:36 a.m., 3 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...

CVSS 4.3 | AI score 6.5 | EPSS 0.00352
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:27 a.m., 5 views

CVE-2024-8195

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debugdata', 'debugquery', and 'debugredirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extra...

CVSS 5.3 | AI score 6.6 | EPSS 0.00532
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:52 a.m., 9 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

CVSS 4.3 | AI score 6.7 | EPSS 0.00403
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 9:42 a.m., 3 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

CVSS 9.6 | AI score 7 | EPSS 0.0073
Exploits: 0 | References: 1