7430 matches found

Patchstack
added 2025/06/23 9:6 p.m., 7 views

WordPress Conference Scheduler plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Conference Scheduler versions <= 2.5.1...

6.4 CVSS, 5.5 AI score, 0.00235 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/06/20 12:0 a.m., 1 view

novel-plus security vulnerability

novel-plus is novel-reading software by the individual developer xxy. A security vulnerability exists in novel-plus versions prior to 5.1.0, which stems from an unvalidated filePath parameter that could lead to a directory traversal attack...

9.8 CVSS, 6.5 AI score, 0.01499 EPSS
Exploits: 1, References: 2
CNVD
added 2025/06/20 12:0 a.m., 5 views

Google ChromeOS Permission Issues Vulnerability

Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...

9.8 CVSS, 6.2 AI score, 0.00219 EPSS
Exploits: 1, References: 1
Patchstack
added 2025/06/19 4:32 p.m., 13 views

WordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Hiro Code016Hiro in WordPress Plugin App Builder versions <= 5.5.6...

5.3 CVSS, 6.7 AI score, 0.00265 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/06/19 4:27 p.m., 5 views

WordPress ATP Call Now plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin ATP Call Now versions <= 1.0.3...

5.9 CVSS, 5.9 AI score, 0.00218 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/06/19 4:22 p.m., 8 views

WordPress WP-Members plugin <= 3.5.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin WP-Members versions <= 3.5.4...

6.5 CVSS, 6 AI score, 0.00192 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2025/06/19 2:15 p.m., 1 view

CVE-2025-6267

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection...

9.8 CVSS, 5.8 AI score, 0.00306 EPSS
Exploits: 0, References: 3
CVE
added 2025/06/19 2:0 p.m., 17 views

CVE-2025-6267

The CVE-2025-6267 entry concerns zhilink ADP Application Developer Platform (version 1.0.0). A SQL injection vulnerability arises from improper handling of the parameters barcodeNo, barcode, and itemNo in the file /adpweb/a/base/barcodeDetail/. This could allow remote attacker-controlled input to...

9.8 CVSS, 7.5 AI score, 0.00306 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2025/06/19 12:0 a.m., 7 views

WordPress Fitness Park Theme <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Fitness Park; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-50033; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: f81317695731; Credits: Peter Thaleikis; Required privilege: Contribut...

6.5 CVSS, 6.5 AI score, 0.00204 EPSS
Exploits: 0, References: 1, Affected Software: 1
Spring Security Advisories
added 2025/06/19 12:0 a.m., 6 views

A Bootiful Podcast: Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer

Hi, Spring fans! In this episode, I talk to Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer...

7.2 AI score
Exploits: 0
Patchstack
added 2025/06/19 12:0 a.m., 13 views

WordPress OceanWP Theme <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: OceanWP; Type: Theme; Vulnerable versions: <= 4.0.9; Fixed in: 4.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-5524; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: aa9ebeb90689; Credits: Asaf Mozes; Required privilege...

4.9 CVSS, 6 AI score, 0.00205 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/06/18 5:18 p.m., 7 views

CVE-2025-6179

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...

9.8 CVSS, 9.3 AI score, 0.00219 EPSS
Exploits: 1, References: 1
Patchstack
added 2025/06/18 8:6 a.m., 16 views

WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' vulnerability

Authenticated (Administrator+) Arbitrary File Upload via 'save_options' vulnerability discovered by Ryan Kozak in WordPress Plugin Ultimate Addons for Contact Form 7 versions <= 3.5.12...

7.2 CVSS, 6.7 AI score, 0.00926 EPSS
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2025/06/18 8:2 a.m., 7 views

WordPress Target Video Easy Publish plugin <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions <= 3.8.5...

6.4 CVSS, 5.5 AI score, 0.00227 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/06/17 11:47 a.m., 8 views

WordPress Master Slider plugin <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes vulnerability discovered by muhammad yudha in WordPress Plugin Master Slider versions <= 3.10.8...

6.4 CVSS, 5.5 AI score, 0.00213 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/06/17 11:5 a.m., 8 views

WordPress Ajax Load More plugin <= 7.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Ajax Load More versions <= 7.4.0.1...

6.4 CVSS, 5.5 AI score, 0.00182 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/06/17 10:57 a.m., 5 views

WordPress Simple Logo Carousel plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Logo Carousel versions <= 1.9.3...

6.4 CVSS, 5.5 AI score, 0.00225 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/06/17 9:18 a.m., 7 views

WordPress Click to Chat plugin <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Click to Chat versions <= 4.22...

6.4 CVSS, 5.9 AI score, 0.00225 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2025/06/16 5:15 p.m., 13 views

CVE-2025-6179

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...

9.8 CVSS, 0.00219 EPSS
Exploits: 1, References: 2
NVD
added 2025/06/16 5:15 p.m., 10 views

CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

7.4 CVSS, 0.00084 EPSS
Exploits: 0, References: 2