8321 matches found
CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function
The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...
CVE-2025-3104
CVE-2025-3104 affects the WP STAGING Pro WordPress Backup Plugin for WordPress (versions up to 6.1.2). The issue arises from missing capability checks in getOutdatedPluginsRequest(), enabling unauthenticated disclosure of outdated installed plugins. Impact is information exposure; CVSS 3.1 base s...
PT-2025-16929
Name of the Vulnerable Software and Affected Versions: Nullsoft Scriptable Install System (NSIS) versions prior to 3.11. Description: The issue allows local users to escalate privileges to SYSTEM during an installation. This occurs because the temporary plugins directory is created under %WINDIR%temp...
CVE-2025-2225
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...
Malicious code in flex-plugins (npm)
Source: ghsa-malware 004deff66b34b25158642a09f2766c44910f05ec7a322c2933f768f34249151b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3211 Malicious code in flex-plugins (npm)
Source: ghsa-malware 004deff66b34b25158642a09f2766c44910f05ec7a322c2933f768f34249151b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ai.h2o:h2o-orc-parser (>=3.10.0.5 <=3.10.3.6), co.cask.hydrator:hive-plugins (>=1.2.0 <=2.1.2) +548 more potentially affected by CVE-2025-3588 via org.jsonschema2pojo:jsonschema2pojo-core (>=0.4.0 <=1.2.2)
org.jsonschema2pojo:jsonschema2pojo-core MAVEN version =0.4.0, =3.10.0.5, =1.2.0, =1.0.1, =1.5.17 and more Source cves: CVE-2025-3588 Source advisory: OSV:GHSA-66RC-VG9F-48M7...
CVE-2025-32585
Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through <= 1.2...
[SECURITY] Fedora 42 Update: nextcloud-31.0.2-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
CVE-2025-32661
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS. This issue affects Interactive US Map: from n/a through <= 2.7...
CVE-2025-32585 WordPress Shop Products Filter Plugin <= 1.2 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through <= 1.2...
CVE-2025-32585
CVE-2025-32585 describes a path traversal leading to PHP Local File Inclusion in the WordPress plugin Shop Products Filter (Trusty Plugins). The vulnerability is reported as an Authenticated (Subscriber+) Local File Inclusion affecting Shop Products Filter up to version 1.2 (no public fix details...
PT-2025-16075 · Unknown · Trusty Plugins Shop Products Filter
Name of the Vulnerable Software and Affected Versions: Trusty Plugins Shop Products Filter versions 1.2 and earlier Description: The issue affects Trusty Plugins Shop Products Filter, allowing PHP Local File Inclusion due to a Path Traversal vulnerability. Recommendations: For Trusty Plugins Shop...
CVE-2025-2876
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
CVE-2025-32243
Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through <= 5.1.2...
CVE-2025-32243
CVE-2025-32243: Missing Authorization in WordPress Internal Link Optimiser (internal-link-finder). Connected data ties this to WordPress Internal Link Optimiser (plugin) with vulnerability class Missing Authorization to Unauthenticated Settings Update, affecting versions up to 5.1.2. The CVE ent...
PT-2025-15957 · Toast Plugins · Toast Plugins Internal Link Optimiser
Name of the Vulnerable Software and Affected Versions: Toast Plugins Internal Link Optimiser versions 5.1.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser, which allows exploiting incorrectly configured access contro...
Shopware allows Denial Of Service via password length
Impact: It's possible to pass long passwords that lead to Denial of Service via forms in Storefront forms or Store-API. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of...