8229 matches found
CVE-2025-12067
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2172
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...
Medium: cni-plugins
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
CVE-2025-30631
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows Reflected XSS. This issue affects Woocommerce Sales Funnel Builder...
CVE-2025-30631
CVE-2025-30631 is a Reflected XSS in AA-Team Woocommerce Sales Funnel Builder and AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). Affected: Woocommerce Sales Funnel Builder up to version 1.1; Amazon Affiliates Addon for WPBakery Page Builder up to 1.2. Root c...
CVE-2025-30631 Reflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress plugins
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows Reflected XSS. This issue affects Woocommerce Sales Funnel Builder...
CVE-2025-30631 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer azon-addon-js-composer allows Reflected XSS. This issue affects Amazon Affiliates Addon for WPBakery Page Builder...
CVE-2025-29004 WordPress Responsive Coming Soon Landing Page / Holding Page for WordPress plugin <= 3.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress wordpress-flat-countdown allows Privilege Escalation. This issue affects Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through <= 3.0...
CVE-2025-65212
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...
CVE-2025-65212
CVE-2025-65212 (NJHYST HY511 POE core): The vulnerability affects HY511 POE core prior to 2.1 and plugins prior to 0.1, arising from insufficient cookie verification. An attacker can directly request the configuration file address and download the core configuration file without authenticating t...
PT-2026-1439
Name of the Vulnerable Software and Affected Versions: NJHYST HY511 POE core versions prior to 2.1; NJHYST HY511 POE plugins versions prior to 0.1. Description: The device exhibits insufficient cookie verification, enabling an attacker to directly request the configuration file address and download t...
Code Issue Vulnerability in Multiple WordPress Products
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL bas...
PT-2026-1465
Name of the Vulnerable Software and Affected Versions: e-plugins JobBank versions through 1.2.2. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to...
Amazon Linux 2 : cni-plugins, --advisory ALAS2-2025-3098 (ALAS-2025-3098)
The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3098 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a...
FreeBSD : gstreamer1-plugins-bad -- Out-of-bounds reads in MIDI parser (500cc49c-e93b-11f0-b8d8-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 500cc49c-e93b-11f0-b8d8-4ccc6adda413 advisory. The GStreamer Security Center reports: Multiple out-of-bounds reads in the MIDI parser that ca...
CVE-2025-62115
Missing Authorization vulnerability in ThemeBoy Hide Plugins hide-plugins allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide Plugins: from n/a through <= 1.0.4...
PT-2026-21721
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: The Audio/Video: GMP component contains incorrect boundary...
PT-2026-26509
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0202. Description: Vim, a command line text editor, contains a flaw in its glob function on Unix-like systems. Including a newline character within a pattern provided to glob could allow an attacker to execute arbitrary...