WordPress WP-SOS-Donate Donation Sidebar Plugin plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP-SOS-Donate versions = 0.9.2...

WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability

Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...

WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...

WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...

WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...

WordPress FitVids for WordPress plugin <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FitVids for WordPress versions = 4.0.1...

WordPress WebP Express plugin <= 0.25.9 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WebP Express versions = 0.25.9...

WordPress Autoptimize plugin <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Autoptimize versions = 3.1.13...

WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability

Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions 1.0.1...

WordPress Studiocart plugin <= 2.9.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WordPress eCommerce Plugin – Studiocart versions = 2.9.0...

WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability

Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...

WordPress BlockArt Blocks plugin <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via timestamp Attribute vulnerability discovered by Farhan Dio Arrafiq in WordPress Plugin BlockArt Blocks versions = 2.2.13...

WordPress Arconix Shortcodes plugin <= 2.1.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rooting in WordPress Plugin Arconix Shortcodes versions = 2.1.19...

WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions = 2.0.0...

WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse versions = 3.2.1...

TencentOS Server 4: kernel (TSSA-2025:0437)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0437 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions = 1.3.95...

WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Survey Maker versions = 5.1.9.4...

WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mika in WordPress Plugin WP Plugin Manager versions = 1.4.7...

WordPress WP Headless CMS Framework plugin <= 1.15 - Unauthenticated Protection Mechanism Bypass vulnerability

Unauthenticated Protection Mechanism Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Headless CMS Framework versions = 1.15...