WordPress Kleo Theme < 5.4.4 is vulnerable to Broken Access Control
Software Kleo Type Theme Vulnerable versions < 5.4.4 Fixed in 5.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39367 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 7bef03870816 Credits Ananda Dhakal Patchstack Required privilege...
Portability and Developer Control: 5 Key Takeaways from NAB 2025
WordPress Mailing Group Listserv plugin <= 3.0.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by timomangcut in WordPress Plugin Mailing Group Listserv versions <= 3.0.4...
WordPress Advanced Accordion Gutenberg Block plugin <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Advanced Accordion Gutenberg Block versions <= 5.0.2...
WordPress Lottie Player plugin <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Lottie Player block - Implement Lottie animations. versions <= 1.1.8...
Evaluating Argon2 Adoption and Effectiveness in Real-World Software
Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...
BusyBox Security Vulnerability
BusyBox is a suite of applications containing several Linux commands and tools by Denis Vlasenko, a Ukrainian individual developer. A security vulnerability exists in BusyBox 1.37.0 and earlier versions, which originates from the fact that tar can hide filenames via terminal escape sequences...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Aiden Thái An in WordPress Plugin Control Listings versions <= 1.0.4.1...
WordPress Frontend Dashboard plugin <= 2.2.5 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Frontend Dashboard versions <= 2.2.5...
WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf in WordPress Plugin GutenKit versions <= 2.2.2...
WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Simple Download Counter versions <= 2.2...
WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by astra.r3verii in WordPress Plugin Event post versions <= 5.9.11...
WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin MPL-Publisher versions <= 2.18.0...
WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Post in page for Elementor versions <= 1.0.1...
WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Car Park Booking System for WordPress versions <= 2.6...
WordPress JNews Theme <= 11.6.5 is vulnerable to Broken Access Control
Software JNews Type Theme Vulnerable versions <= 11.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39373 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 775c2569b9cb Credits Ananda Dhakal Patchstack Required privilege...
WordPress Smart Maintenance Mode plugin <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Dogus Demirkiran in WordPress Plugin Smart Maintenance Mode versions <= 1.5.1...
WordPress Revy plugin <= 2.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Revy versions <= 2.1...