CVE-2025-11587

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

WordPress plugin Call Now Button 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-59461

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

EUVD-2025-36149

A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services...

CVE-2025-59461

CVE-2025-59461 is an externally exploitable issue described as a remote, unauthenticated access via an unauthenticated C++ API that can disclose/modify sensitive data and disrupt services. Connected docs associate the vulnerability with the SICK TLOC100-100 product and reflect ER/Red Hat/NVD entr...

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVE-2025-60982

IDOR vulnerability in Educare ERP 1.0 2025-04-22 allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object...

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

CVE-2025-11888

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11564

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it...

WordPress plugin Password Policy Manager | Password Manager Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

WordPress plugin Product Filter by WBW security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-11257

The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processsaveblogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2025-11172

The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chkplagminepluginwpse10500adminaction function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-11255

Summary (CVE-2025-11255) The Password Policy Manager | Password Manager WordPress plugin is vulnerable to unauthorized data modification due to a missing capability check on the moppm_ajax AJAX endpoint in all versions up to and including 2.0.5 . An attacker with Subscriber+ privileges can cause ...

CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out

The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...

WordPress plugin ZoloBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-43719

Name of the Vulnerable Software and Affected Versions Password Policy Manager | Password Manager plugin for WordPress versions through 2.0.5 Description The Password Policy Manager | Password Manager plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing...

WordPress plugin LLM Hubspot Blog Import 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin NGINX Cache Optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...