7434 matches found

Patchstack
added 2025/06/05 12:7 a.m., 8 views

WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT) in WordPress Plugin Team Showcase versions < 25.05.13...

CVSS 4.3 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/05 12:6 a.m., 7 views

WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT) in WordPress Plugin Testimonials Showcase versions <= 1.9.16...

CVSS 4.3 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/05 12:6 a.m., 9 views

WordPress Shortcodes Ultimate plugin <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Shortcodes Ultimate versions <= 7.3.5...

CVSS 6.5 | AI score 6 | EPSS 0.0021
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2025/06/04 6:39 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.

Red Hat Developer Hub 1.5.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 7.5 | AI score 6.5 | EPSS 0.02104
Exploits: 2 | References: 5
Patchstack
added 2025/06/04 11:48 a.m., 8 views

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Backup and Staging by WP Time Capsule versions <= 1.22.23...

CVSS 7.1 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | Affected Software: 1
CNNVD
added 2025/06/04 12:0 a.m., 4 views

Unifiedtransform security vulnerability

Unifiedtransform is an open source school management software by Hasib Mahmud Individual Developer. A security vulnerability exists in Unifiedtransform version v2.0, which stems from the /course/edit/id endpoint vulnerability and could lead to remote elevation of privilege...

CVSS 6.5 | AI score 6.6 | EPSS 0.00345
Exploits: 2 | References: 2
Patchstack
added 2025/06/03 9:2 p.m., 7 views

WordPress Campus Directory plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions <= 1.9.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/06/03 3:10 p.m., 5 views

Security Bulletin: IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability (CVE-2025-21587).

Summary: IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability. IBM Rational Developer for i has addressed the vulnerability with a fix as described in the remediation/fixes section. Vulnerability Details: CVEID: CVE-2025-21587 DESCRIPTION: An unspecified...

CVSS 7.4 | AI score 7.1 | EPSS 0.00688
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/03 11:52 a.m., 6 views

WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability

WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Motors - Events versions <= 1.4.7...

CVSS 9 | AI score 6.8 | EPSS 0.00465
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/03 11:30 a.m., 8 views

WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin WooCommerce Ultimate Gift Card versions <= 2.9.6...

CVSS 9.3 | AI score 8 | EPSS 0.00579
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/03 9:10 a.m., 9 views

WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin WooCommerce Photo Reviews versions <= 1.3.13...

CVSS 7.1 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/06/01 6:35 a.m., 7 views

CVE-2025-4429

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.00229
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/31 7:50 p.m., 21 views

CVE-2025-5325

A vulnerability has been found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of...

CVSS 6.5 | AI score 6.7 | EPSS 0.00417
Exploits: 0 | References: 1
Patchstack
added 2025/05/30 9:43 p.m., 12 views

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Brian Sans-Souci (liardom) in WordPress Plugin Royal Elementor Addons versions <= 1.7.1020...

CVSS 6.4 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/05/30 7:46 a.m., 11 views

WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...

CVSS 7.1 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/05/30 6:54 a.m., 9 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability

Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.5.2...

CVSS 6.4 | AI score 5.5 | EPSS 0.00231
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/05/30 6:15 a.m., 10 views

CVE-2025-4429

The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | EPSS 0.00229
Exploits: 1 | References: 1
SUSE CVE
added 2025/05/30 1:30 a.m., 2 views

SUSE CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

CVSS 6.5 | AI score 6.1 | EPSS 0.00247
Exploits: 0 | References: 3
CNNVD
added 2025/05/30 12:0 a.m., 2 views

WordPress plugin Gearside Developer Dashboard security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 | AI score 6.4 | EPSS 0.00229
Exploits: 1 | References: 2
Packet Storm News
added 2025/05/30 12:0 a.m., 7 views

Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI

As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...

AI score 6.8
Exploits: 0