Lucene search

6191 matches found

Circl
added 2025/12/22 11:45 p.m., 6 views

CVE-2023-53981

creationtimestamp | type | source
---|---|---
2025-12-22 23:45:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mamg3vdpcl2b
2025-12-22 23:46:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mamg7cgt262x...

CVSS 8.6, AI score 5.8, EPSS 0.00796
Exploits: 1, References: 2

Circl
added 2025/12/22 9:05 a.m., 3 views

CVE-2025-11543

creationtimestamp | type | source
---|---|---
2025-12-22 09:05:37+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115762419200846171
2025-12-22 09:05:51+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3makuxkek6e2n
2025-12-22 09:21:46+00:00 | seen | ...

CVSS 9.8, AI score 4.8, EPSS 0.00171
Exploits: 0, References: 3

RedhatCVE
added 2025/12/22 7:21 a.m., 4 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS 8.8, AI score 8.6, EPSS 0.00969
Exploits: 1, References: 1

RedhatCVE
added 2025/12/22 2:35 a.m., 4 views

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...

CVSS 7.5, AI score 7, EPSS 0.0056
Exploits: 0, References: 1

RedhatCVE
added 2025/12/22 2:35 a.m., 3 views

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX action. This makes it possible for...

CVSS 5.3, AI score 6.1, EPSS 0.0024
Exploits: 0, References: 1

NVD
added 2025/12/21 3:15 a.m., 8 views

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX action. This makes it possible for...

CVSS 5.3, EPSS 0.0024
Exploits: 0, References: 4

Cvelist
added 2025/12/21 2:20 a.m., 18 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...

CVSS 7.5, EPSS 0.0056
Exploits: 0, References: 5

Vulnrichment
added 2025/12/21 2:20 a.m., 4 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with...

CVSS 7.5, AI score 6.5, EPSS 0.0056
Exploits: 0, References: 5

CVE
added 2025/12/21 2:20 a.m., 14 views

CVE-2025-14080

CVE-2025-14080 concerns the WordPress plugin Frontend Post Submission Manager Lite. The vulnerability is due to missing authorization on the fpsml_form_process AJAX action, allowing unauthenticated attackers to modify arbitrary posts by supplying a post_id via the guest posting form. Reported imp...

CVSS 5.3, AI score 5.7, EPSS 0.0024
Exploits: 0, References: 4

Circl
added 2025/12/20 2:01 a.m., 3 views

CVE-2025-14177

creationtimestamp | type | source
---|---|---
2025-12-20 02:01:22+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4czwhdn26
2025-12-20 02:01:34+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l
2025-12-21 11:53:36+00:00 | seen | ...

CVSS 7.5, AI score 7.1, EPSS 0.00474
Exploits: 3, References: 10

Circl
added 2025/12/20 2:01 a.m., 3 views

CVE-2025-14178

creationtimestamp | type | source
---|---|---
2025-12-20 02:01:22+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4czwhdn26
2025-12-20 02:01:33+00:00 | seen | https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l
2025-12-21 11:53:36+00:00 | seen | ...

CVSS 8.2, AI score 6.6, EPSS 0.00428
Exploits: 1, References: 10

CVE
added 2025/12/19 9:05 p.m., 8 views

CVE-2023-53952

CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...

CVSS 8.8, AI score 8.3, EPSS 0.00969
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2025/12/19 9:05 p.m., 3 views

CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS 8.8, AI score 8.3, EPSS 0.00969
Exploits: 1, References: 3

NVD
added 2025/12/19 9:15 a.m., 3 views

CVE-2025-11747

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00275
Exploits: 0, References: 3

CVE
added 2025/12/19 8:23 a.m., 13 views

CVE-2025-11747

CVE-2025-11747 affects the Colibri Page Builder WordPress plugin. The Wordfence report documents a stored cross-site scripting vulnerability in the colibri_blog_posts shortcode caused by insufficient input sanitization and lack of proper output escaping, affecting all versions up to and including...

CVSS 6.4, AI score 4.6, EPSS 0.00275
Exploits: 0, References: 3

EUVD
added 2025/12/19 8:23 a.m., 1 view

EUVD-2025-204478

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 4.5, EPSS 0.00275
Exploits: 0, References: 4

Positive Technologies
added 2025/12/19 12:00 a.m., 2 views

PT-2025-52435

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri blog posts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 4.9, EPSS 0.00275
Exploits: 0, References: 4

Circl
added 2025/12/18 11:08 p.m., 2 views

CVE-2025-68386

creationtimestamp | type | source
---|---|---
2025-12-18 23:08:03+00:00 | seen | https://bsky.app/profile/potato.software/post/3macc65yxl32k
2025-12-18 23:53:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3macepn7fbv2q...

CVSS 4.3, AI score 5.8, EPSS 0.00164
Exploits: 0, References: 2

Circl
added 2025/12/18 6:15 p.m., 1 view

CVE-2025-68161

creationtimestamp | type | source
---|---|---
2025-12-18 18:15:51+00:00 | seen | https://seclists.org/oss-sec/2025/q4/285
2025-12-18 19:27:49+00:00 | seen | https://mstdn.social/users/jschauma/statuses/115742216551427386
2025-12-18 19:28:16+00:00 | seen | ...

CVSS 6.3, AI score 5.9, EPSS 0.00743
Exploits: 1, References: 24

Circl
added 2025/12/18 9:26 a.m., 4 views

CVE-2025-64371

creationtimestamp | type | source
---|---|---
2025-12-18 09:26:42+00:00 | seen | https://gist.github.com/Darkcrai86/ef6ee82ad15d64b1f97e57ae569cd6cf
2025-12-18 10:57:20+00:00 | seen | https://gist.github.com/Darkcrai86/3aa71eeca6e6d567384ccc6041062ce6...

CVSS 8.5, AI score 4.8, EPSS 0.00211
Exploits: 0, References: 2