Mageia: Security Advisory (MGASA-2025-0264)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-45248
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS. This issue affects Institutions Directory: from n/a through <= 1.3.3...
CVE-2025-12401
The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the label_plugins_options function. This makes it possible for unauthenticated attackers to update settings and injec...
WordPress plugin Features security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Cross-site Scripting (XSS)
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Action Command Notification plugin and the Action Command Prompt plugin. An attacker can execute arbitrary scripts in the context of the user's...
Improper Input Validation
@digitalocean/do-markdownit is vulnerable to Improper Input Validation. The vulnerability is due to the callout and fence_environment plugins using .includes() substring matching when allowedClasses or allowedEnvironments are strings instead of arrays, which allows an attacker to bypass intended...
WordPress Label Plugins plugin <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Label Plugins versions <= 0.5...
CVE-2025-10896
CVE-2025-10896 affects multiple WordPress plugins in the Jewel Theme Recommended Plugins Library. The vulnerability is Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation due to missing capability checks in the *_recommended_upgrade_plugin function, enabling authenti...
CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload
Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the...
CVE-2025-12401
CVE-2025-12401 – Label Plugins (WordPress): The WordPress Label Plugins plugin (versions up to 0.5) is affected by Cross-Site Request Forgery due to missing or incorrect nonce validation in label_plugins_options(), enabling unauthenticated attackers to update settings and inject malicious scripts...
CVE-2025-12401 Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the label_plugins_options function. This makes it possible for unauthenticated attackers to update settings and injec...
PT-2025-44920
Name of the Vulnerable Software and Affected Versions: Label Plugins versions prior to 0.5. Description: The Label Plugins plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of, or incorrect, nonce validation within the label plugins options function. An...
PT-2025-44934
Name of the Vulnerable Software and Affected Versions: WordPress plugins with the Jewel Theme Recommended Plugins Library versions up to and including 1.0.2.3. Description: The software is susceptible to unrestricted file upload due to missing capability checks within the recommended upgrade plugin...
WordPress plugin multiple products security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...
WordPress plugin Label Plugins cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.2 release.
Red Hat Developer Hub 1.7.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CLSA-2025-1762181347 containernetworking-plugins: Fix of CVE-2023-24540
rebuild with newer golang to fix CVE-2023-24540 sanitize templates with whitespace outside the allowed character set in JavaScript contexts...
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...