WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Skyword API Plugin versions <= 2.5.2...
PT-2025-39126
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory allocation issue was identified within the EDMA driver in the Linux kernel. The queue priority map was allocated with an insufficient memory size during the edma setup from hw...
WordPress Indutri Theme < 1.3.0 is vulnerable to Local File Inclusion
Software: Indutri; Type: Theme; Vulnerable versions: < 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-58214; Patch priority: High; CVSS severity: High (8.1); Developer: DDM; PSID: 682e3e6619f4; Credits: Bonds; Required privilege: Unauthenticated; Published: 30 August, 202...
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Unauthenticated Double Extension Arbitrary File Upload vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions <= 7.2.4...
Security update for kernel-livepatch-MICRO-6-0_Update_7
This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) - CVE-2025-38083: net_sched: prio: fix a race in prio_tune (bsc#1245350) - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)...
SUSE-SU-2025:20678-1 Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) - CVE-2025-38083: net_sched: prio: fix a race in prio_tune (bsc#1245350) - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350) -...
SUSE-SU-2025:20643-1 Security update for kernel-livepatch-MICRO-6-0_Update_7
This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) - CVE-2025-38083: net_sched: prio: fix a race in prio_tune (bsc#1245350) - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350) -...
SUSE-SU-2025:20687-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_6
This update for kernel-livepatch-MICRO-6-0-RT_Update_6 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) - CVE-2025-38083: net_sched: prio: fix a race in prio_tune (bsc#1245350) - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)...
SUSE-SU-2025:20635-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues: - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218) - CVE-2025-38083: net_sched: prio: fix a race in prio_tune (bsc#1245350) - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350)...
WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin WpEvently versions <= 4.4.8...
WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability
WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress Plugin Otter - Gutenberg Block versions <= 3.1.0...
WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions <= 1.6.3...
WordPress Pin WP Theme < 7.2 is vulnerable to Arbitrary File Upload
Software: Pin WP; Type: Theme; Vulnerable versions: < 7.2; Fixed in: 7.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-53251; Patch priority: High; CVSS severity: High (9.9); Developer: Claim ownership; PSID: 85f8a3209836; Credits: Bonds; Required privilege: Subscriber; Published: 27 August...
WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability discovered by Jack Pas Dark. in WordPress Plugin All-in-One WP Migration versions <= 7.97...
WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop File Upload for Elementor Forms versions <= 1.5.3...
WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions <= 3.3.201...
WordPress Golo Theme <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.1; Fixed in: 1.7.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-54724; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 9a5f34e954ab; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions <= 2.14.5...
WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Vinit Lakra (Patchstack Alliance) in WordPress Plugin Goal Tracker for Patreon versions <= 0.4.6...
WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Invisible Optin versions <= 1.0...