CVE-2025-32669 WordPress Mergado Pack plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through = 4.2.1...

CVE-2025-32669

CVE-2025-32669 describes a CSRF-to-Stored XSS in the WordPress plugin set “Mergado Pack.” The connected documents confirm the impact is stored XSS triggered via CSRF and that affected software is Mergado Pack up to version 4.1.1 . Technical details in the connected sources identify the vulnerabil...

WordPress Mergado Pack plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Mergado Pack versions = 4.2.1...

WordPress plugin WP Performance Pack 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

WordPress plugin Mergado Pack 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

Description of the security update for SharePoint Enterprise Server 2016: April 8, 2025 (KB5002692)

Description of the security update for SharePoint Enterprise Server 2016: April 8, 2025 KB5002692 Notice KB 5002692 is now revised and available again for download. Please see the "How to get and install the update" section. Summary This security update resolves a Microsoft SharePoint remote code...

CVE-2025-32190

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartwpress Musician's Pack For Elementor music-pack-for-elementor allows DOM-Based XSS.This issue affects Musician's Pack For Elementor: from n/a through = 1.8.7...

CVE-2025-32190

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartwpress Musician's Pack For Elementor music-pack-for-elementor allows DOM-Based XSS.This issue affects Musician's Pack For Elementor: from n/a through = 1.8.7...

CVE-2025-32190 WordPress Musician's Pack For Elementor plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartwpress Musician's Pack For Elementor music-pack-for-elementor allows DOM-Based XSS.This issue affects Musician's Pack For Elementor: from n/a through = 1.8.7...

CVE-2025-32190

CVE-2025-32190 refers to a stored XSS in Musician’s Pack for Elementor (WordPress plugin). The connected Wordfence entry shows an authenticated (Contributor+) Stored Cross-Site Scripting issue affecting Musician’s Pack for Elementor up to version 1.8.4.1. The initial document lists Cross-site Scr...

CVE-2025-32190 WordPress Musician's Pack for Elementor plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smartwpress Musician's Pack for Elementor allows DOM-Based XSS. This issue affects Musician's Pack for Elementor: from n/a through 1.8.4...

WordPress Musician's Pack For Elementor plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab in WordPress Plugin Musician's Pack For Elementor versions = 1.8.7...

WordPress plugin Musician s Pack for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVE-2025-31539

Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack cryptocurrency-widgets-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets Pack: from n/a through = 2.0.1...

Malicious code in @hongfangze/pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e73a080830e05ba03056d448f8fc7711301bb1c7c5e13797c1f192b7373be10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through = 4.0...

VulnCheck KEV: CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through = 4.0...

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-31125 Source advisory:...

WordPress Cryptocurrency Widgets Pack plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin Cryptocurrency Widgets Pack versions = 2.0.1...