WordPress Camelia Theme <= 1.2.13 is vulnerable to Local File Inclusion

Software Camelia Type Theme Vulnerable versions = 1.2.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 861b50981f0a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Doccure Theme <= 1.4.8 is vulnerable to Arbitrary File Upload

Software Doccure Type Theme Vulnerable versions = 1.4.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-9113 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a390d4c607ad Credits István Márton Required privilege Unauthenticated...

WordPress ELEX WooCommerce Google Shopping (Google Product Feed) plugin <= 1.4.3 - Authenticated (Admin+) SQL Inejction vulnerability

Authenticated Admin+ SQL Inejction vulnerability discovered by dutafi in WordPress Plugin ELEX WooCommerce Google Shopping versions = 1.4.3...

WordPress Biagiotti Core plugin <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Biagiotti Core versions = 2.1.3...

WordPress Simple Text Slider Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin Simple Text Slider versions = 1.0.5...

WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bao BlueRock in WordPress Plugin Site Info versions = 1.1...

WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin eDS Responsive Menu versions = 1.2...

WordPress SS Font Awesome Icon Plugin <= 4.1.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin SS Font Awesome Icon versions = 4.1.3...

WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer Tools Blocker versions = 3.2.1...

WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability

Deserialization of untrusted data Vulnerability discovered by Drew / mcdruid in WordPress Plugin Aitasi Coming Soon versions = 2.0.2...

WordPress Shk Corporate Theme <= 2.4.1.1 is vulnerable to Broken Access Control

Software Shk Corporate Type Theme Vulnerable versions = 2.4.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 45c7c66747ba Credits Martino Spagnuolo r3verii Requir...

WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions = 5.7.46...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...

WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Dadevarzan WordPress Common versions = 2.2.2...

WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Exchange Rates versions = 1.2.5...

WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Pie Calendar versions = 1.2.8...

WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions = 5.0.6...

CVE-2025-7039

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

SUSE-SU-2025:20648-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350...

SUSE-SU-2025:20681-1 Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: - CVE-2025-38079: crypto: algifhash - fix double free in hashaccept bsc1245218 - CVE-2025-38083: netsched: prio: fix a race in priotune bsc1245350 - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350 -...