CVE-2025-58190 affecting package cni-plugins for versions less than 1.3.0-11

CVE-2025-58190 affecting package cni-plugins for versions less than 1.3.0-11. A patched version of the package is available...

CVE-2025-67971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...

CVE-2025-67971

CVE-2025-67971 is a Reflected Cross-Site Scripting vulnerability in FluentCart (WPManageNinja FluentCart fluent-cart) affecting versions before 1.3.0. The CVE entry lists a CVSS v3.1 base score of 7.1 (HIGH) with NETWORK attack vector, LOW impact on confidentiality/integrity/availability, and UI ...

WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Goldenblatt versions 1.3.0...

WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Indutri versions 1.3.0...

Drupal One Time Password module < 1.3.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module One Time Password versions 1.3.0...

WordPress Steel plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Steel versions = 1.3.0...

AZL-31690 CVE-2023-3978 affecting package cni-plugins for versions less than 1.3.0-6

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...