Lucene search

4929 matches found

Cvelist
added 2025/11/18 3:11 p.m. | 6 views

CVE-2025-58121 Insufficient permission validation on multiple REST API endpoints

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

CVSS 5.3 | EPSS 0.00036
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/18 3:11 p.m. | 2 views

CVE-2025-58122 Insufficient permission validation when configuring notification parameters

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure...

CVSS 5.3 | AI score 6.1 | EPSS 0.00036
Exploits: 0 | References: 1

CVE
added 2025/11/18 9:27 a.m. | 17 views

CVE-2025-11734

CVE-2025-11734 concerns the Broken Link Checker by AIOSEO for WordPress. The vulnerability stems from insufficient authorization checks on a REST endpoint used to manage posts. Specifically, the plugin exposes DELETE /wp-json/aioseoBrokenLinkChecker/v1/post and grants the aioseo_blc_broken_links_...

CVSS 5.4 | AI score 5.1 | EPSS 0.00051
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/18 12:0 a.m. | 3 views

PT-2025-47275

Name of the Vulnerable Software and Affected Versions: Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress versions through 1.2.5
Description: The plugin is susceptible to unauthorized post modification because of insufficient authorization checks. Th...

CVSS 5.4 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 5

Vulnrichment
added 2025/11/15 5:45 a.m. | 2 views

CVE-2025-12847 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...

CVSS 4.3 | AI score 4.9 | EPSS 0.00056
Exploits: 0 | References: 6

Positive Technologies
added 2025/11/15 12:0 a.m. | 11 views

PT-2025-47041

Name of the Vulnerable Software and Affected Versions: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic versions prior to 4.8.10
Description: The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00056
Exploits: 0 | References: 9

NCSC
added 2025/11/14 12:55 p.m. | 13 views

Vulnerabilities fixed in Cisco Catalyst Center

Cisco has fixed vulnerabilities in Cisco Catalyst Center. This vulnerability, with reference CVE-2025-20341, arises from insufficient validation of user input. A malicious party could exploit this by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...

CVSS 8.8 | AI score 6.9 | EPSS 0.00263
Exploits: 0 | References: 4

EUVD
added 2025/11/13 6:31 p.m. | 2 views

EUVD-2025-175336

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 2

Cvelist
added 2025/11/13 4:18 p.m. | 4 views

CVE-2025-20349 Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | EPSS 0.00239
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/13 4:18 p.m. | 2 views

CVE-2025-20349 Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | AI score 7 | EPSS 0.00239
Exploits: 0 | References: 1

CVE
added 2025/11/13 3:27 a.m. | 18 views

CVE-2025-11923

CVE-2025-11923 (LifterLMS) — Summary for the WordPress plugin vulnerability
Affected product: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes (WordPress plugin).
Root cause: Privilege escalation due to insufficient identity validation before allowing role modification via the REST API...

CVSS 8.8 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 4

EUVD
added 2025/11/13 3:27 a.m. | 2 views

EUVD-2025-150405

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00095
Exploits: 0 | References: 5

Cvelist
added 2025/11/12 7:27 a.m. | 11 views

CVE-2025-12633 Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2.5.0. This makes it possible fo...

CVSS 7.5 | EPSS 0.00128
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/12 3:46 a.m. | 3 views

CVE-2025-11451

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVSS 7.5 | AI score 6.1 | EPSS 0.00104
Exploits: 0 | References: 1

EUVD
added 2025/11/11 6:30 a.m. | 3 views

EUVD-2025-60977

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

CVSS 5.3 | AI score 4.9 | EPSS 0.00128
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/11 3:30 a.m. | 2 views

CVE-2025-11894 Shelf Planner <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

CVSS 5.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 2

OSV
added 2025/11/05 10:15 a.m. | 3 views

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

CVSS 5.3 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 3

CNVD
added 2025/11/05 12:0 a.m. | 4 views

WordPress Folderly plugin unauthorized data modification vulnerability

The WordPress Folderly plugin is a WordPress plugin for virtual folder management that supports categorization and organization of documents, media files and posts. The WordPress Folderly plugin suffers from an unauthorized data modification vulnerability that stems from insufficient capability checkin...

CVSS 4.3 | AI score 6.7 | EPSS 0.00036
Exploits: 0 | References: 1

CNNVD
added 2025/11/05 12:0 a.m. | 11 views

WordPress plugin AI Engine information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...

CVSS 9.8 | AI score 7 | EPSS 0.85741
Exploits: 5 | References: 4

Positive Technologies
added 2025/11/04 12:0 a.m. | 4 views

PT-2025-45015

Name of the Vulnerable Software and Affected Versions: Radiometrics VizAir affected versions not specified
Description: Radiometrics VizAir is susceptible to exposure of its REST API key through a publicly accessible configuration file. Successful exploitation allows attackers to remotely alter...

CVSS 10 | AI score 6.2 | EPSS 0.00124
Exploits: 0 | References: 7