PT-2025-47681
The Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4....
WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System security vulnerability
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
PT-2025-47728
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh crm remove agent' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers,...
CVE-2025-65103
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in ...
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...
PT-2025-47432
The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'reset settings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2025-47519
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.5. Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection flaw exists in the API that allows authenticated users to execute arbitrary SQL queries,...
Improper Check for Unusual or Exceptional Conditions
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the sanitize function in the RequestSanitizer.php file, allowing cache...
EUVD-2025-197958
The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...
CVE-2025-12392
The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...
CVE-2025-12391
The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...
CVE-2025-12392
CVE-2025-12392 affects the WordPress plugin “Cryptocurrency Payment Gateway for WooCommerce.” The root cause is a missing capability check in the handle_optin_optout() function, allowing unauthenticated attackers to modify tracking opt-in/out settings in all versions up to 2.0.22. The practical i...
EUVD-2025-197941
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
WordPress plugin ACF Flexible Layouts Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin Multiple Roles per User security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...
WordPress quicq plugin missing capability check vulnerability
WordPress quicq plugin is an image optimization tool designed for WordPress that automatically compresses and resizes images to improve website performance. A missing capability check vulnerability exists in WordPress quicq plugin, which can be exploited by attackers to cause unauthorized data...
WordPress Survey Maker plugin missing capability check vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...
CVE-2025-41069
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...
Django security vulnerability
Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Django has security vulnerabilities, which stem from SQL injection via the connector, potentially allowing...
CVE-2025-12377
CVE-2025-12377 affects the Gallery Plugin for WordPress – Envira Photo Gallery (