2443 matches found

CNVD
added 2025/11/27 12:0 a.m. | 4 views

WordPress Locker Content plugin Information Disclosure Vulnerability

The WordPress Locker Content plugin is a tool for locking content in WordPress websites, usually by restricting access through email subscriptions, user permissions, etc. An information disclosure vulnerability exists in WordPress Locker Content plugin, which originates from the lockercosubmitpos...

CVSS 5.3 | AI score 6.2 | EPSS 0.00247
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/26 7:58 a.m. | 16 views

CVE-2025-12525

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

CVSS 5.3 | AI score 6.4 | EPSS 0.00247
Exploits: 0 | References: 1

CNNVD
added 2025/11/26 12:0 a.m. | 3 views

WordPress plugin TAX SERVICE Electronic HDM Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress TAX SERVICE Electronic HDM, which stems from a lack of authorization and CSRF checks in AJAX operations. An attacker...

CVSS 8.6 | AI score 6.5 | EPSS 0.00152
Exploits: 0 | References: 2

Ubuntu
added 2025/11/25 12:54 p.m. | 7 views

USN-7887-2: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

CVSS 8.8 | AI score 7 | EPSS 0.00571
Exploits: 1

GithubExploit
added 2025/11/25 9:52 a.m. | 165 views

webVuln-scanner

WebVuln Scanner An advanced web vulnerability scanner with cu...

AI score 7.5
Exploits: 0

NVD
added 2025/11/25 8:15 a.m. | 11 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

CVSS 6.5 | EPSS 0.00444
Exploits: 1 | References: 6

NVD
added 2025/11/25 8:15 a.m. | 3 views

CVE-2025-12525

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

CVSS 5.3 | EPSS 0.00247
Exploits: 0 | References: 3

EUVD
added 2025/11/25 7:28 a.m. | 9 views

EUVD-2025-199570

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

CVSS 6.5 | AI score 5.4 | EPSS 0.00444
Exploits: 1 | References: 7

Vulnrichment
added 2025/11/25 7:28 a.m. | 5 views

CVE-2025-12525 Locker Content <= 1.0.0 - Unauthenticated Information Exposure

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockercosubmitpost' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin...

CVSS 5.3 | AI score 6 | EPSS 0.00247
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/25 7:28 a.m. | 1 view

CVE-2025-12043 Autochat Automatic Conversation <= 1.1.9 - Missing Authorization to Unauthenticated Settings Update

The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivauychtsaveCid' AJAX endpoint in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to conne...

CVSS 5.3 | AI score 5 | EPSS 0.0023
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/25 12:0 a.m. | 6 views

PT-2025-52893

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the allocation of a workqueue for asynchronous reads within the iomap subsystem. Specifically, after a certain commit, error completions for...

CVSS 7.1 | AI score 6.2 | EPSS 0.00378
Exploits: 1 | References: 223

EUVD
added 2025/11/24 3:30 p.m. | 5 views

EUVD-2025-198707

Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects...

CVSS 7.5 | AI score 6 | EPSS 0.00186
Exploits: 1 | References: 3

CVE
added 2025/11/24 12:0 a.m. | 16 views

CVE-2025-65503

CVE-2025-65503 concerns a use-after-free in endpoint destructors of Redboltz async_mqtt 10.2.5, leading to denial of service when SSL initialization fails due to incorrect destruction order between io_context and endpoint objects. Affected component is the endpoint destructor in the Redboltz asyn...

CVSS 7.5 | AI score 6.2 | EPSS 0.00186
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/11/21 1:41 p.m. | 21 views

CVE-2025-11127

The connected sources detail an unauthenticated privilege-escalation in WordPress plugins: Mstoreapp Mobile App (<= 2.08) and Mstoreapp Mobile Multivendor (

CVSS 9.8 | AI score 6.6 | EPSS 0.00283
Exploits: 0 | References: 1

Cvelist
added 2025/11/21 1:41 p.m. | 13 views

CVE-2025-11127 Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address...

EPSS 0.00283
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/20 9:37 p.m. | 3 views

CVE-2025-12426

The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the aysquizcheckanswer AJAX action without proper authorization checks. The endpoint only validates a nonce,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 1

EUVD
added 2025/11/19 6:31 a.m. | 3 views

EUVD-2025-198123

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, leading to RCE...

CVSS 9.8 | AI score 6.6 | EPSS 0.0041
Exploits: 1 | References: 3

EUVD
added 2025/11/19 6:31 a.m. | 3 views

EUVD-2025-198114

The WSChat – WordPress Live Chat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetsettings' AJAX endpoint in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 | AI score 4.7 | EPSS 0.00164
Exploits: 0 | References: 3

Cvelist
added 2025/11/19 6:0 a.m. | 8 views

CVE-2025-12057 WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files to the server, leading to RCE...

EPSS 0.0041
Exploits: 1 | References: 1

CVE
added 2025/11/19 6:0 a.m. | 29 views

CVE-2025-12057

CVE-2025-12057 affects the WavePlayer WordPress plugin prior to version 3.8.0. The vulnerability arises from missing authorization in an AJAX action and lack of validation when copying files locally, allowing unauthenticated users to upload arbitrary files to the server and potentially achieve re...

CVSS 9.8 | AI score 6.7 | EPSS 0.0041
In wild | Exploits: 1 | References: 1