WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin WP Table Builder versions <= 2.0.6...
WordPress Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Skalucy in WordPress Plugin Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant versions <= 4.1.1...
WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions < 25.05.13...
WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Testimonials Showcase versions <= 1.9.16...
WordPress Shortcodes Ultimate plugin <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Shortcodes Ultimate versions <= 7.3.5...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.
Red Hat Developer Hub 1.5.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Backup and Staging by WP Time Capsule versions <= 1.22.23...
Unifiedtransform Security Vulnerability
Unifiedtransform is an open source school management software by Hasib Mahmud Individual Developer. A security vulnerability exists in Unifiedtransform version v2.0, which stems from the /course/edit/id endpoint vulnerability and could lead to remote elevation of privilege...
WordPress Campus Directory plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions <= 1.9.0...
Security Bulletin: IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability (CVE-2025-21587).
Summary IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability. IBM Rational Developer for i has addressed the vulnerability with a fix as described in the remediation/fixes section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Motors - Events versions <= 1.4.7...
WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WooCommerce Ultimate Gift Card versions <= 2.9.6...
WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin WooCommerce Photo Reviews versions <= 1.3.13...
CVE-2025-4429
The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-5325
A vulnerability has been found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of...
WordPress Royal Elementor Addons and Templates plugin <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Royal Elementor Addons versions <= 1.7.1020...
WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.5.2...
SUSE CVE-2025-5271
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...