WordPress COVID-19 (Coronavirus) Update Your Customers plugin <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin COVID-19 Coronavirus Update Your Customers versions = 1.5.1...

WordPress Able Player plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Able Player versions = 1.2.1...

WordPress WP Custom Post Popup plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin WP Custom Post Popup versions = 1.0.1...

WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin WoWHead Tooltips versions = 2.0.1...

WordPress Image Style Hover plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Image Style Hover versions = 1.0.6...

WordPress Lottie Player plugin <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Lottie Player block - Implement Lottie animations. versions = 1.1.8...

WordPress UiCore Elements plugin <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin UiCore Elements versions = 1.0.16...

WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Aiden Thái An in WordPress Plugin Control Listings versions = 1.0.4.1...

WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin GutenKit versions = 2.2.2...

WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Theme Switcha versions = 3.4...

WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by astra.r3verii in WordPress Plugin Event post versions = 5.9.11...

WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin MPL-Publisher versions = 2.18.0...

WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Psai in WordPress Plugin User Registration versions 4.2.0...

WordPress wProject Theme < 5.8.0 is vulnerable to Privilege Escalation

Software wProject Type Theme Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2025-39366 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID dc57f98abe0c Credits Dave Jong Patchstack Required privileg...

WordPress Altair Theme <= 5.2.2 is vulnerable to PHP Object Injection

Software Altair Type Theme Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32928 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 644e001022df Credits Bonds Required privilege Unauthenticated Published 2...

SUSE CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

DEBIAN-CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

UBUNTU-CVE-2025-38104

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...