6720 matches found

CVE
added 2025/12/09 2:13 p.m., 12 views

CVE-2025-67469

CVE-2025-67469 concerns a CSRF vulnerability in the WordPress plugin “PDF Thumbnail Generator” (pdf-thumbnail-generator) affecting versions up to 1.4. The issue is a Cross-Site Request Forgery vulnerability that could enable unauthorized actions by an attacker via a logged-in user context. Public...

CVSS 4.3, AI score 6.5, EPSS 0.00107
Exploits 0, References 1
OSV
added 2025/12/09 3:31 a.m., 3 views

CVE-2025-67504 WBCE CMS has Weak Random Number Generator in Password Generation Function

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, AI score 7.2, EPSS 0.00444
Exploits 1, References 6
CNNVD
added 2025/12/09 12:0 a.m., 1 views

Fiber Utils security feature issue vulnerability

Fiber Utils is a general-purpose function library in the Fiber open source. A security feature issue vulnerability exists in Fiber Utils 2.0.0-rc.3 and earlier versions, which stems from the return of a predictable UUID on failure of the random number generator, which could lead to compromised...

CVSS 9.8, AI score 6.3, EPSS 0.00402
Exploits 0, References 2
CNNVD
added 2025/12/09 12:0 a.m., 2 views

WordPress plugin PDF Thumbnail Generator cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin P...

CVSS 4.3, AI score 6.5, EPSS 0.00107
Exploits 0, References 1
Positive Technologies
added 2025/12/09 12:0 a.m., 3 views

PT-2025-49690

In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak. for_each_pci_dev is implemented by pci_get_device. The comment of pci_get_device says that it will increase the reference count for the returned pci_dev and also decrease the reference...

AI score 6.4, EPSS 0.00233
Exploits 0, References 9
Positive Technologies
added 2025/12/09 12:0 a.m., 5 views

PT-2025-49779

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword to create passwords using PHP's rand. rand is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege...

CVSS 9.1, AI score 7.2, EPSS 0.00444
Exploits 1, References 4
Positive Technologies
added 2025/12/09 12:0 a.m., 8 views

PT-2025-49885

Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator (pdf-thumbnail-generator) allows Cross Site Request Forgery. This issue affects PDF Thumbnail Generator: from n/a through <= 1.4...

CVSS 8.8, AI score 6.9, EPSS 0.00107
Exploits 0, References 3
Patchstack
added 2025/12/08 6:45 a.m., 17 views

WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions <= 1.2.7...

CVSS 9.8, AI score 5.3, EPSS 0.00631
Exploits 1, References 1, Affected Software 1
OSV
added 2025/12/07 10:15 p.m., 6 views

CVE-2025-14203

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS 8.8, AI score 5.7, EPSS 0.00301
Exploits 1, References 5
CVE
added 2025/12/07 9:32 p.m., 14 views

CVE-2025-14203

CVE-2025-14203 affects Code-Projects Question Paper Generator up to version 1.0, with the vulnerability residing in the file /selectquestionuser.php. The root cause is improper handling/manipulation of the subid parameter, enabling SQL injection. This flaw allows remote exploitation, and an explo...

CVSS 8.8, AI score 6.3, EPSS 0.00301
Exploits 1, References 5, Affected Software 1
Cvelist
added 2025/12/07 9:32 p.m., 18 views

CVE-2025-14203 code-projects Question Paper Generator selectquestionuser.php sql injection

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS 6.5, EPSS 0.00301
Exploits 1, References 5
Vulnrichment
added 2025/12/07 9:32 p.m., 1 views

CVE-2025-14203 code-projects Question Paper Generator selectquestionuser.php sql injection

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS 6.5, AI score 6.6, EPSS 0.00301
Exploits 1, References 5
CNNVD
added 2025/12/07 12:0 a.m., 2 views

Code-Projects Question Paper Generator SQL injection vulnerability

Code-Projects Question Paper Generator is a Code-Projects open source question paper generation software. Code-Projects Question Paper Generator 1.0 and earlier versions have a SQL injection vulnerability that stems from improper handling of the parameter subid in the file /selectquestionuser.php...

CVSS 8.8, AI score 6.9, EPSS 0.00301
Exploits 1, References 6
Positive Technologies
added 2025/12/07 12:0 a.m., 1 views

PT-2025-49417

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS 6.5, AI score 6.9, EPSS 0.00301
Exploits 1, References 6
Patchstack
added 2025/12/06 3:45 p.m., 5 views

WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin PDF Thumbnail Generator versions <= 1.4...

CVSS 8.8, AI score 7, EPSS 0.00107
Exploits 0, Affected Software 1
RedhatCVE
added 2025/12/06 9:37 a.m., 9 views

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVSS 8.8, AI score 5.7, EPSS 0.00154
Exploits 0, References 1
Cvelist
added 2025/12/06 5:49 a.m., 26 views

CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

CVSS 9.8, EPSS 0.00631
Exploits 1, References 5
CNNVD
added 2025/12/06 12:0 a.m., 10 views

WordPress plugin Flex QR Code Generator code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 9.8, AI score 6.8, EPSS 0.00631
Exploits 1, References 5
Wired Threat Level
added 2025/12/05 11:0 a.m., 9 views

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”...

AI score 7
Exploits 0
NVD
added 2025/12/05 10:15 a.m., 2 views

CVE-2025-12879

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVSS 8.8, EPSS 0.00154
Exploits 0, References 2