CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

CVE-2025-1322

CVE-2025-1322 affects the WordPress plugin “WP-Recall – Registration, Profile, Commerce & More” up to version 16.26.10. The vulnerability is an information exposure through the feed shortcode caused by insufficient restrictions on which posts can be included, allowing (per NVD/Wordfence) data fro...

CVE-2024-13816

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This mak...

CVE-2025-2088

creationtimestamp| type| source ---|---|--- 2025-03-07 15:04:06+00:00| seen| https://bsky.app/profile/potato.software/post/3ljsbriaoub2k 2025-03-07 15:35:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6843 2025-03-07 16:00:43+00:00| published-proof-of-concept|...

CVE-2025-1463

The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpgsi-show.php script. This makes it possible for unauthenticated attackers to publish arbitrary post...

CVE-2024-13635

The CVE-2024-13635 entry concerns VK Blocks for WordPress. Affected: VK Blocks plugin versions up to and including 1.94.2.2. Vulnerability type: Sensitive Information Exposure via the page content block. Impact: authenticated attackers with Contributor-level access and above can read sensitive da...

CVE-2024-12610

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mjsmgtremovefeetype' and 'mjsmgtremovecategorynew' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

CVE-2024-12610

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mjsmgtremovefeetype' and 'mjsmgtremovecategorynew' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...

CVE-2024-12876

creationtimestamp| type| source ---|---|--- 2025-03-07 08:34:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6808 2025-03-07 11:48:59+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114120991585951470 2025-03-07 12:04:56+00:00| seen|...

CVE-2025-27816

creationtimestamp| type| source ---|---|--- 2025-03-07 08:34:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljrlz526dj2f 2025-03-07 08:35:13+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6823 2025-03-07 09:48:56+00:00| seen|...

CVE-2024-12610

CVE-2024-12610 affects the School Management System for Wordpress plugin for WordPress (≤ 93.0.0). Root cause: missing capability check on AJAX actions mj_smgt_remove_feetype and mj_smgt_remove_category_new, enabling unauthenticated attackers to delete arbitrary posts. Impact per sources: unautho...

WordPress plugin School Management System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

WordPress Related Post plugin <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Related Post versions 2.0.59...

CVE-2025-25361

creationtimestamp| type| source ---|---|--- 2025-03-06 22:12:27+00:00| seen| https://t.me/cvedetector/19740 2025-03-07 20:40:30+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6883 2025-03-07 21:49:00+00:00| seen|...

CVE-2025-27658

creationtimestamp| type| source ---|---|--- 2025-03-06 00:00:24+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6sbtbi42f 2025-03-06 12:00:17+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljpgzpp5jw23...

CVE-2025-27656

creationtimestamp| type| source ---|---|--- 2025-03-06 00:00:22+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6sbhg4d2e 2025-03-06 12:00:15+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljpgzpdndx2p...

CVE-2025-27652

creationtimestamp| type| source ---|---|--- 2025-03-06 00:00:21+00:00| seen| https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6sb24mm2q 2025-03-06 02:16:25+00:00| seen| Telegram/djmea3PYi4q79vHmmPTef919tUUGLS31NWeGDL-g3p4ra3An 2025-03-06 12:00:14+00:00| seen|...

CVE-2024-35347

creationtimestamp| type| source ---|---|--- 2025-03-05 19:28:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ljnpmfnfd622 2025-03-06 03:49:46+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ljolmtb27u2a 2025-03-06 04:34:48+00:00| seen|...

CVE-2025-20206

creationtimestamp| type| source ---|---|--- 2025-03-05 16:32:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6559 2025-03-05 19:59:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljnrdrruvj2f 2025-03-05 21:07:30+00:00| seen| https://t.me/cvedetector/19649 2025-03-07...

CVE-2025-25170

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DotsquaresLtd Migrate Posts migrate-post allows Reflected XSS.This issue affects Migrate Posts: from n/a through = 1.0...