WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Connector to CiviCRM with CiviMcRestFace versions = 1.0.8...

WordPress WP Table Builder plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Table Builder versions = 2.0.5...

WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aiden in WordPress Plugin Eazy Plugin Manager versions = 4.3.0...

WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Dimas Maulana in WordPress Plugin EventON versions = 2.4...

WordPress WooCommerce Pickupp plugin <= 2.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin WooCommerce Pickupp versions = 2.4.3...

WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress Review Stars Count For WooCommerce plugin <= 2.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Review Stars Count For WooCommerce versions = 2.0...

WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by LVT-tholv2k in WordPress Plugin Database Toolset versions = 1.8.4...

WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Accordion versions = 2.3.11...

Fixed in Apache Tomcat 11.0.6

Low: Rewrite rule bypass CVE-2025-31651 For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This was fixed with...

WordPress Vayu Blocks plugin 1.0.4-1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability

Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions 1.0.4-1.2.1...

WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Insert or Embed Articulate Content into WordPress versions = 4.3000000025...

PT-2025-18102

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.90 through 8.5.100 Apache Tomcat versions 9.0.76 through 9.0.102 Apache Tomcat versions 10.1.10 through 10.1.39 Apache Tomcat versions 11.0.0-M2 through 11.0.5 Description Improper input validation in Apache Tomcat...

WordPress Motors plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin Motors versions = 1.4.64...

WordPress coreActivity: Activity Logging for WordPress plugin <= 2.7 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Yassine NEGGAOUI in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions = 2.7...

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Popping Content Light versions = 2.4...

WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability

HTML Injection vulnerability discovered by Revan Arifio in WordPress Plugin Tutor LMS versions = 3.4.0...

WordPress Broadstreet plugin <= 1.52.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Broadstreet Ads versions = 1.52.1...