1698 matches found
CVE-2025-68088 WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Huger for Elementor: from n/a through <= 1.1.5...
CVE-2025-68070
CVE-2025-68070 affects VK Google Job Posting Manager plugin for WordPress (
CVE-2025-68071 WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Real Estate: from n/a through <= 5.3.2...
CVE-2025-68056
CVE-2025-68056 affects the WordPress plugin LBG Zoominoutslider (LambertGroup)
CVE-2025-68053
CVE-2025-68053 concerns the WordPress plugin xPromoter (LambertGroup)
CVE-2025-67962
The CVE-2025-67962 entry concerns the WordPress plugin Broken Link Checker (AIOSEO) up to version 1.2.6, with an SQL Injection characterized as Improper Neutralization of Special Elements in SQL Commands. Public sources (Wordfence and CVE feeds) confirm the affected software and that the issue pe...
CVE-2025-66162 WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spoter for Elementor: from n/a through <= 1.04...
CVE-2025-66129 WordPress Pochipp plugin <= 1.18.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pochipp: from n/a through <= 1.18.0...
CVE-2025-66121 WordPress SiteGround Security plugin <= 1.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteGround SiteGround Security sg-security allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteGround Security: from n/a through <= 1.5.8...
CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...
CVE-2025-64246 WordPress Accessibility by AudioEye plugin <= 1.0.49 - Broken Access Control vulnerability
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49...
CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...
CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions e.g., popsubmit, popthemesubmit in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...
WordPress Ultimate Auction plugin <= 4.3.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Ultimate Auction versions <= 4.3.2...
CVE-2025-13993
CVE-2025-13993 - MailerLite – Signup forms (official) plugin for WordPress is affected up to version 1.7.16. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the parameters form_description and success_message caused by insufficient input sanitization and output escaping. Exploi...
CVE-2025-67640
Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...
CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...
Fedora 44 : containernetworking-plugins (2025-c67591d0a2)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c67591d0a2 advisory. Automatic update for containernetworking-plugins-1.9.0-1.fc44. Changelog Tue Dec 9 2025 Bradley G Smith - 1.9.0-1 - Update to release v1.9.0 -...
CVE-2025-63070
CVE-2025-63070 corresponds to a WordPress Download Manager plugin vulnerability (versions up to 3.3.32) that causes information disclosure by exposing embedded sensitive data due to inadequate protection of sensitive information. The issue is described across multiple sources as an information di...
CVE-2025-63071
The CVE-2025-63071 entry describes an information-disclosure vulnerability in the WordPress plugin Shortcodes and extra features for Phlox theme (auxin-elements). The issue is an insertion of sensitive information into data sent by the plugin, allowing retrieval of embedded sensitive data. Affect...