9737 matches found
CVE-2025-12165
CVE-2025-12165 pertains to the WordPress plugin Webcake – Landing Page Builder. Connected sources confirm a missing capability check on the webcake_save_config AJAX endpoint across versions up to 1.1, enabling authenticated attackers with Subscriber-level access and above to modify plugin setting...
WordPress plugin Projectopia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-49201
The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp ajax eprolo delete tracking and wp ajax eprolo save tracking data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for...
Advantech iView
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
ChurchCRM Time-Based Blind SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from time-based blind SQL injection, which can be exploited by an attacker to cause data disclosure and modification, deterministic server-side latency...
Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P security vulnerability
The Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P are both automation control and remote control devices from Sprecher Automation of Austria. A security vulnerability exists in the Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P, which stems from the us...
Iskra iHUB and Iskra iHUB Lite access control error vulnerability
Both Iskra iHUB and Iskra iHUB Lite are smart metering gateways from Iskra, Slovenia. An access control error vulnerability exists in the Iskra iHUB and Iskra iHUB Lite that originates from an unauthenticated web management interface and could lead to unauthorized access and modification...
CVE-2025-66313
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...
CVE-2025-66313 ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...
PT-2025-48572
Name of the Vulnerable Software and Affected Versions ChurchCRM versions 6.2.0 and earlier Description ChurchCRM is an open-source church management system. A time-based blind SQL injection exists in how the 1FieldSec parameter is handled. Injecting SLEEP results in predictable server-side delays...
ChurchCRM SQL injection vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from time-based blind SQL injection, which can be exploited by an attacker to cause data disclosure and modification, deterministic server-side latency...
EUVD-2025-199817
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
WordPress plugin Folders security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress Autochat Automatic Conversation plugin unauthorized data modification vulnerability
WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...
WordPress Plugin Blog2Social: Social Media Auto Post & Scheduler Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Blog2Social: Social Media Auto Post &...
WordPress plugin WP Fastest Cache security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
WordPress plugin Reuters Direct security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-48266
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcp change post folder' function in all versions up to, and including, 3.1.5. This...
WordPress Refund Request for WooCommerce plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...
EUVD-2025-199584
The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivauychtsaveCid' AJAX endpoint in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to conne...