CVE-2025-67469

CVE-2025-67469 concerns a CSRF vulnerability in the WordPress plugin “PDF Thumbnail Generator” (pdf-thumbnail-generator) affecting versions up to 1.4. The issue is a Cross-Site Request Forgery vulnerability that could enable unauthorized actions by an attacker via a logged-in user context. Public...

CVE-2025-67469 WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through = 1.4...

CVE-2025-7820

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attacke...

CVE-2025-7820

CVE-2025-7820 : The SKT PayPal for WooCommerce WordPress plugin is vulnerable to unauthenticated payment bypass in all versions up to and including 1.4 due to relying on client-side (not server-side) payment controls. Wordfence reports a base score of 7.5 (HIGH) with network attack vector, low at...

CVE-2025-60242

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through = 1.4...

EUVD-2025-38105

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through = 1.4...

CVE-2025-60242

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through = 1.4...

CVE-2025-60242 WordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through = 1.4...

PT-2025-45283

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through = 1.4...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2025-64138

A cross-site request forgery CSRF vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL...

Jenkins Start Windocks Containers Plugin 安全漏洞

Jenkins Start Windocks Containers Plugin is an open source plugin for Jenkins to link WinDocks hosts. A security vulnerability exists in Jenkins Start Windocks Containers Plugin 1.4 and earlier versions that stems from vulnerability to cross-site request forgery attacks...

Jenkins Start Windocks Containers Plugin 安全漏洞

Jenkins Start Windocks Containers Plugin is an open source plugin for Jenkins to link WinDocks hosts. A security vulnerability exists in Jenkins Start Windocks Containers Plugin 1.4 and earlier versions, which stems from a lack of privilege checking and could lead an attacker to connect to an...

CVE-2025-62934

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

CVE-2025-62944

Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through = 1.4...

CVE-2025-62934

Cross-Site Request Forgery CSRF vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through = 1.4...

WordPress plugin WP Business Hours 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

EUVD-2025-35824

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...

CVE-2025-62868 WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...

CVE-2025-62868 WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4...