CVE-2025-39389
CVE-2025-39389 – AnalyticsWP (WordPress plugin): The vulnerability is an SQL Injection in AnalyticsWP versions from n/a through 2.1.2. It carries a high severity (CVSS 3.1 base score 9.3; network attack vector, no user interaction). The root cause is improper neutralization of SQL elements, enabli...
CVE-2025-39411
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in IndiePlugins WhatsApp Click to Chat Plugin for WordPress wpt-whatsapp. This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through <= 2.2.12...
CVE-2025-39411 WordPress WhatsApp Click to Chat Plugin for WordPress plugin <= 2.2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in IndiePlugins WhatsApp Click to Chat Plugin for WordPress wpt-whatsapp. This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through <= 2.2.12...
CVE-2025-39388
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AnalyticsWP: from n/a through 2.0.0...
CVE-2025-39394
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2...
CVE-2025-39388 WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AnalyticsWP: from n/a through 2.0.0...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
PT-2025-22079 · WordPress · Indie Plugins Whatsapp Click To Chat Plugin
Name of the Vulnerable Software and Affected Versions: Indie Plugins WhatsApp Click to Chat Plugin for WordPress versions n/a through 2.2.12 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'...
Metasploit Wrap-Up 05/16/2025
New modules for everyone: This week’s release is packed with new module content. We have RCE modules for Car Rental System 1.0, WordPress plugins SureTriggers, User Registration and Membership. We also have a persistence module for LINQPad software and an auxiliary module for POWERCOM UPSMON PRO. ...
CVE-2025-48132 WordPress X Addons for Elementor <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor allows Stored XSS. This issue affects X Addons for Elementor: from n/a through 1.0.14...
Malicious code in grew-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4ee10df9b214f88ce9a202b5f7cc418a407053cc3ef0518b2751e4dbe7d06c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3891 Malicious code in grew-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4ee10df9b214f88ce9a202b5f7cc418a407053cc3ef0518b2751e4dbe7d06c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in flow-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cf17ab0e3206656aa1196545f14592f01b8a02353963e6c158dbb80af69dc75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3890 Malicious code in flow-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8cf17ab0e3206656aa1196545f14592f01b8a02353963e6c158dbb80af69dc75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in beautiful-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 366a123a150cfa4f12f17cdb337ca0d39a1b8c22e7d861302e8632619e51bf4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3874 Malicious code in beautiful-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 366a123a150cfa4f12f17cdb337ca0d39a1b8c22e7d861302e8632619e51bf4f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-29526 affecting package containernetworking-plugins for versions less than 1.6.1-4
CVE-2022-29526 affecting package containernetworking-plugins for versions less than 1.6.1-4. An upgraded version of the package is available that resolves this issue...
CVE-2022-32149 affecting package containernetworking-plugins for versions less than 1.6.1-4
CVE-2022-32149 affecting package containernetworking-plugins for versions less than 1.6.1-4. An upgraded version of the package is available that resolves this issue...