CVE-2025-12372

The CVE-2025-12372 entry concerns The Permalinks Cascade plugin for WordPress (up to version 2.2). The root cause is Missing Authorization in the handleTPCAdminAjaxRequest path, enabling authenticated users with subscriber-level access and above to perform unauthorized administrative actions (e.g...

CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

Information disclosure

SonicWall SonicOS on Network Security Appliance NSA 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens...

CVE-2018-5281

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices is affected by a cross-site scripting (XSS) vulnerability via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. The available connected data confirms the affected product and the vulnerability class, but does ...

CVE-2018-5281

SonicWall SonicOS on Network Security Appliance NSA 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens...