7341 matches found

Patchstack
added 2025/06/09 12:0 a.m. · 4 views

WordPress TinySalt Theme < 3.10.0 is vulnerable to Local File Inclusion

Software: TinySalt · Type: Theme · Vulnerable versions: < 3.10.0 · Fixed in: 3.10.0 · OWASP Top 10: A3: Injection · Classification: Local File Inclusion · CVE: CVE-2025-49454 · Patch priority: High · CVSS severity: High 8.1 · Developer: LoftOcean · PSID: f11131feed0e · Credits: Bonds · Required privilege: Unauthenticated · Published 9...

CVSS 8.1 · AI score 7.2 · EPSS 0.00547
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/06/09 12:0 a.m. · 2 views

PT-2025-24401 · Red Hat · Red Hat Connectivity Link

Name of the Vulnerable Software and Affected Versions: Red Hat Connectivity Link affected versions not specified. Description: The issue concerns the AuthPolicy metadata in Red Hat Connectivity Link, which contains an object storing secrets. However, it assumes these secrets are already in the...

CVSS 5.7 · AI score 5.3 · EPSS 0.0029
Exploits 0 · References 7
Patchstack
added 2025/06/09 12:0 a.m. · 5 views

WordPress Inset Theme <= 1.18.0 is vulnerable to Local File Inclusion

Software: Inset · Type: Theme · Vulnerable versions: <= 1.18.0 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Local File Inclusion · CVE: CVE-2025-26592 · Patch priority: High · CVSS severity: High 8.1 · Developer: Claim ownership · PSID: 2b36ab61c62f · Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

CVSS 8.1 · AI score 7.2 · EPSS 0.00547
Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2025/06/07 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

CVSS 6.4 · AI score 7.3 · EPSS 0.91652
Exploits 10 · References 1
Cvelist
added 2025/06/06 6:42 a.m. · 5 views

CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 · EPSS 0.00291
Exploits 0 · References 4
Vulnrichment
added 2025/06/06 6:42 a.m. · 10 views

CVE-2025-5699 Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 · AI score 5.9 · EPSS 0.00291
Exploits 0 · References 4
Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24045 · WordPress · Developer Formatter

Name of the Vulnerable Software and Affected Versions: Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1. Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...

CVSS 5.5 · AI score 5.2 · EPSS 0.00291
Exploits 0 · References 8
Positive Technologies
added 2025/06/06 12:0 a.m. · 3 views

PT-2025-33053 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.7 through 17.11.5; GitLab CE/EE versions 18.0 through 18.0.3; GitLab CE/EE versions 18.1 through 18.1.1. Description: The issue allows authenticated users with developer access to obtain ID tokens for protected branches...

CVSS 5 · AI score 6.8 · EPSS 0.00025
Exploits 0 · References 12
CNNVD
added 2025/06/06 12:0 a.m. · 1 views

WordPress plugin Developer Formatter Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.2 · EPSS 0.00291
Exploits 0 · References 4
Patchstack
added 2025/06/05 7:59 p.m. · 7 views

WordPress Knowledge Base plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Knowledge Base versions <= 2.3.0...

CVSS 6.4 · AI score 5.5 · EPSS 0.00164
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/06/05 1:40 a.m. · 9 views

WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions <= 3.45...

CVSS 5.4 · AI score 5.2 · EPSS 0.00218
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 1:28 a.m. · 6 views

WordPress YouTube Simple Gallery plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin YouTube Simple Gallery versions <= 2.2.0...

CVSS 6.5 · AI score 6 · EPSS 0.00143
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 1:23 a.m. · 6 views

WordPress All Currencies for WooCommerce plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All Currencies for WooCommerce versions <= 2.4.3...

CVSS 6.5 · AI score 5.9 · EPSS 0.00143
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:20 a.m. · 7 views

WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Jang Jeong Ahn Jhanks in WordPress Plugin WP Time Slots Booking Form versions <= 1.2.30...

CVSS 4.3 · AI score 6.6 · EPSS 0.00084
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:20 a.m. · 5 views

WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin Store Locator WordPress versions <= 1.5.2...

CVSS 6.6 · AI score 6.7 · EPSS 0.0031
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:19 a.m. · 8 views

WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Hydra Booking versions <= 1.1.10...

CVSS 8.5 · AI score 7.8 · EPSS 0.00179
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:17 a.m. · 5 views

WordPress Persian Woocommerce SMS plugin <= 7.0.10 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Persian Woocommerce SMS versions <= 7.0.10...

CVSS 7.6 · AI score 7.8 · EPSS 0.00213
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:16 a.m. · 7 views

WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Social Widget versions <= 2.3...

CVSS 6.5 · AI score 6 · EPSS 0.00129
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:15 a.m. · 6 views

WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Greenshift versions <= 11.5.5...

CVSS 6.5 · AI score 6 · EPSS 0.00143
Exploits 0 · Affected Software 1
Patchstack
added 2025/06/05 12:14 a.m. · 6 views

WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions <= 5.10.1...

CVSS 6.5 · AI score 6 · EPSS 0.00143
Exploits 0 · Affected Software 1