8338 matches found
WordPress plugin WP Legal Pages 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-38306
Name of the Vulnerable Software and Affected Versions WP Legal Pages plugin for WordPress versions up to and including 3.4.3 Description The WP Legal Pages plugin for WordPress is susceptible to unauthorized access of functionality due to a missing capability check on the wplp gdpr install plugin...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +137 more potentially affected by CVE-2025-8419 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-8419 Source advisory:...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1878 more potentially affected by CVE-2025-59476 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.516.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-59476 Source advisory: OSV:GHSA-QRH5-JG98-CR48...
Path Traversal
github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during plugin import operations, which allows an attacker with restricted admin privileges to install unauthorized custom plugins by bypassing plugin signature...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.1 release.
Red Hat Developer Hub 1.7.1 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Obsidian Plugin Persistence
This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...
Medium: gstreamer1-plugins-good
Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. CVE-2024-47544 In GStreamer through 1.26.1, the isomp4 plugin's...
Medium: gstreamer1-plugins-base
Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer whil...
Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-3003 (ALAS-2025-3003)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3003 advisory. GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbg...
fimap
fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...
CVE-2025-9463
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 1, 2025 to September 7, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...
CVE-2025-9161
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...
CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...
CVE-2025-9463
CVE-2025-9463 concerns the PeachPay Payments plugin for WooCommerce (and related Payments Plugin for WooCommerce) with a time-based SQL Injection via the order_by parameter. Wordfence’s details specify that all versions up to 1.117.5 are affected due to insufficient escaping and query preparation...
PT-2025-37021
Name of the Vulnerable Software and Affected Versions: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net versions prior to 1.117.6 Description: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for...
Linux Distros Unpatched Vulnerability : CVE-2020-15251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...
The Price of ‘Free’: How Nulled Plugins Are Used to Weaken Your Defense
The Wordfence Threat Intelligence Team has discovered a new malware campaign that highlights the hidden risks associated with "nulled plugins", or premium plugins that have been tampered with by third parties. This campaign is particularly concerning because it doesn't just infect websites: it...
CVE-2025-9161 Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...