WP Dream Carousel < 1.0.1b - Cross-Site Scripting

WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...

Friday Squid Blogging: Do Squid Dream?

An exploration of the interesting question...

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence AI model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber...

CVE-2023-29100

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Dream-Theme The7 plugin = 11.6.0 versions...

DREAM: Dynamic Red-Teaming across Environments for AI Models

Large Language Models LLMs are increasingly used in agentic systems, where their interactions with diverse tools and environments create complex, multi-stage safety challenges. However, existing benchmarks mostly rely on static, single-turn assessments that miss vulnerabilities from adaptive,...

CVE-2025-63074

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through 12.8.1.1...

CVE-2025-63073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through 12.9.0...

CVE-2025-63076

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

EUVD-2025-201941

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

EUVD-2025-201956

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through = 12.8.0.2...

CVE-2025-63073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through 12.9.0...

CVE-2025-63076

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

CVE-2025-63074

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through 12.8.1.1...

CVE-2025-63074 WordPress The7 theme < 12.8.1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through 12.8.1.1...

PT-2025-50074

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through = 12.8.0.2...

PT-2025-50076

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through = 2.7.11...

PT-2025-50073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dream-Theme The7 dt-the7 allows DOM-Based XSS.This issue affects The7: from n/a through = 12.8.0.2...

CVE-2025-13621

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions = 1.0...

EUVD-2025-201380

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...