EUVD-2025-21951

Malicious code in bioql PyPI...

EUVD-2025-21952

Malicious code in bioql PyPI...

CVE-2025-6721

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

WordPress Vchasno Kasa plugin <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation vulnerability

Missing Authorization to Unauthenticated Invoice Generation vulnerability discovered by Poli in WordPress Plugin Vchasno Kasa versions = 1.0.3...

WordPress Vchasno Kasa plugin <= 1.0.3 - Unauthenticated Log File Clearing vulnerability

Unauthenticated Log File Clearing vulnerability discovered by Poli in WordPress Plugin Vchasno Kasa versions = 1.0.3...

CVE-2025-6720

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearalllog function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files...

CVE-2025-6720 Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearalllog function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files...

CVE-2025-6720 Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearalllog function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files...

CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

CVE-2025-6721

The CVE-2025-6721 affects the Vchasno Kasa WordPress plugin (MORKVA Vchasno Kasa Integration) up to version 1.0.3. Root cause: missing capability check in the mrkv_vchasno_kasa_wc_do_metabox_action() function, enabling unauthenticated users to generate invoices for arbitrary orders. This is an un...

CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

WordPress plugin Vchasno Kasa 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

WordPress plugin Vchasno Kasa 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2025-30118 · WordPress · Vchasno Kasa

Name of the Vulnerable Software and Affected Versions: Vchasno Kasa plugin for WordPress versions up to and including 1.0.3 Description: The Vchasno Kasa plugin for WordPress is susceptible to unauthorized data access due to a missing capability check within the mrkv vchasno kasa wc do metabox...

PT-2025-30117 · WordPress · Vchasno Kasa

Name of the Vulnerable Software and Affected Versions: Vchasno Kasa plugin for WordPress versions up to and including 1.0.3 Description: The Vchasno Kasa plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the clear all log function,...

CVE-2024-46548

TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack...

CVE-2024-46549

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users...

CVE-2024-35495

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic...

The vulnerability of the Telemetry component of TP-Link Tapo P125M and Kasa KP125M software devices allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Telemetry component in the microprogramming software of TP-Link Tapo P125M and Kasa KP125M lies in the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the protected...

The vulnerability of TP-Link’s MQTT Broker and API gateway software for micro-programmed TP-Link devices like the KP125M and Tapo P125M allows a malicious actor to gain increased privileges.

The vulnerability of TP-Link’s MQTT broker and API gateway, which are part of the micro-programming software for TP-Link Kasa KP125M and Tapo P125M devices, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remote...