Lucene search

6191 matches found

CVE
added 2025/10/02 12:0 a.m., 22 views

CVE-2025-56379

CVE-2025-56379: A stored XSS in ERPNext v15.67.0 blog module (Frappe v15.72.4) via the blog post content field. An authenticated user who can create/edit posts can inject crafted HTML/JS; payload is stored and can execute in other users’ browsers viewing the post. Affected components: ERPNext Blo...

CVSS 5.4, AI score 5.2, EPSS 0.00373
Exploits: 2, References: 4, Affected Software: 2

Circl
added 2025/09/30 10:26 p.m., 2 views

CVE-2025-9230

creationtimestamp | type | source
---|---|---
2025-09-30 22:26:09+00:00 | seen | https://bsky.app/profile/omo.bsky.social/post/3m23kyhzcgk2z
2025-09-30 23:41:12+00:00 | seen | https://bsky.app/profile/checkmarxzero.bsky.social/post/3m23p6r2cdo2d
2025-10-01 06:25:35+00:00 | seen | ...

CVSS 7.5, AI score 6.5, EPSS 0.0177
Exploits: 0, References: 33

Circl
added 2025/09/30 1:33 a.m., 5 views

CVE-2025-8961

creationtimestamp | type | source
---|---|---
2025-09-30 01:33:03+00:00 | seen | https://bsky.app/profile/bluesky.awakari.com/post/3lzzexup6y22u
2025-09-30 01:33:04+00:00 | seen | https://bsky.app/profile/bluesky.awakari.com/post/3lzzexviigf23
2025-09-30 07:27:35+00:00 | seen | ...

CVSS 4.8, AI score 6.3, EPSS 0.00186
Exploits: 1, References: 4

Patchstack
added 2025/09/28 3:16 a.m., 6 views

WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Posts versions <= 0.3.2...

CVSS 5.4, AI score 6.1, EPSS 0.00171
Exploits: 0, Affected Software: 1

Circl
added 2025/09/27 10:48 a.m., 6 views

CVE-2025-59934

creationtimestamp | type | source
---|---|---
2025-09-27 10:48:35+00:00 | seen | https://bsky.app/profile/crowdcyber.bsky.social/post/3lzssmhc5bm2l
2025-09-27 11:25:39+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3lzsuoqm2li2l
2025-09-28 09:16:19+00:00 | published-proof-of-concept | ...

CVSS 9.4, AI score 5.1, EPSS 0.07861
Exploits: 1, References: 5

RedhatCVE
added 2025/09/27 4:45 a.m., 6 views

CVE-2025-9984

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...

CVSS 5.3, AI score 5.3, EPSS 0.00268
Exploits: 0, References: 1

Patchstack
added 2025/09/27 4:6 a.m., 4 views

WordPress Popular Posts by Webline plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Popular Posts by Webline versions <= 1.1.1...

CVSS 5.4, AI score 6.1, EPSS 0.00171
Exploits: 0, Affected Software: 1

NVD
added 2025/09/26 5:15 a.m., 4 views

CVE-2025-9984

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...

CVSS 5.3, EPSS 0.00268
Exploits: 0, References: 3

Cvelist
added 2025/09/26 4:25 a.m., 7 views

CVE-2025-10037 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Admin+) SQL Injection

The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getpostswithinternalfeaturedimage function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 4.9, EPSS 0.00299
Exploits: 0, References: 3

Cvelist
added 2025/09/26 4:25 a.m., 7 views

CVE-2025-9984 Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...

CVSS 5.3, EPSS 0.00268
Exploits: 0, References: 3

Vulnrichment
added 2025/09/26 4:25 a.m., 2 views

CVE-2025-9984 Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...

CVSS 5.3, AI score 4.9, EPSS 0.00268
Exploits: 0, References: 3

CVE
added 2025/09/26 4:25 a.m., 18 views

CVE-2025-9984

CVE-2025-9984 (FIFU, Featured Image from URL, WordPress): The FIFU plugin is vulnerable to an unauthorized access exposure due to a missing capability check in fifu_api_debug_posts(). This allows unauthenticated attackers to read private/password protected posts in all versions up to 5.2.7. Conn...

CVSS 5.3, AI score 4.9, EPSS 0.00268
Exploits: 0, References: 3

CNNVD
added 2025/09/26 12:0 a.m., 1 views

WordPress plugin Featured Image from URL security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.3, AI score 6.4, EPSS 0.00268
Exploits: 0, References: 3

Positive Technologies
added 2025/09/26 12:0 a.m., 1 views

PT-2025-39498

Name of the Vulnerable Software and Affected Versions: Featured Image from URL (FIFU) plugin for WordPress versions through 5.2.7. Description: The plugin is susceptible to unauthorized data access because of a missing capability check within the fifu_api_debug_posts function. This allows...

CVSS 5.3, AI score 6.3, EPSS 0.00268
Exploits: 0, References: 9

OSV
added 2025/09/25 12:30 a.m., 2 views

GHSA-8MJQ-32X3-22QF Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description: Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

CVSS 9.6, AI score 6.9, EPSS 0.00527
Exploits: 0, References: 7

OSV
added 2025/09/22 9:15 p.m., 0 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

CVSS 5.4, AI score 6.1, EPSS 0.00236
Exploits: 1, References: 2

NVD
added 2025/09/22 9:15 p.m., 7 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

CVSS 5.4, EPSS 0.00236
Exploits: 1, References: 2

Vulnrichment
added 2025/09/22 12:0 a.m., 2 views

CVE-2025-57205

iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...

AI score 5.5, EPSS 0.00236
Exploits: 1, References: 2

CVE
added 2025/09/22 12:0 a.m., 13 views

CVE-2025-57205

Inilabs School Express (SMS Express) 6.2 is affected by a Stored XSS in content-management editors (POST /posts/edit/{id} and similar for Notices/Pages). The root cause is insufficient input sanitization and output encoding for editor parameters; payloads are saved and later rendered unsanitized,...

CVSS 5.4, AI score 5.5, EPSS 0.00236
Exploits: 1, References: 2, Affected Software: 1

Circl
added 2025/09/19 10:32 a.m., 7 views

CVE-2025-9905

creationtimestamp | type | source
---|---|---
2025-09-19 10:32:08+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lz6nxomxeo2b
2025-09-19 11:27:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lz6r36ijyp2t
2025-09-19 16:28:32+00:00 | published-proof-of-concept | ...

CVSS 7.3, AI score 7.4, EPSS 0.00205
Exploits: 1, References: 3