WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions = 0.4.1a...

"Getting to Yes": An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That's why we created "Getting to Yes": ...

WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...

WordPress WP-SOS-Donate Donation Sidebar Plugin plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP-SOS-Donate versions = 0.9.2...

WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability

Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...

WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...

WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...

WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...

WordPress FitVids for WordPress plugin <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FitVids for WordPress versions = 4.0.1...

WordPress WebP Express plugin <= 0.25.9 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WebP Express versions = 0.25.9...

WordPress Autoptimize plugin <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Autoptimize versions = 3.1.13...

WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability

Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions 1.0.1...

WordPress Studiocart plugin <= 2.9.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WordPress eCommerce Plugin – Studiocart versions = 2.9.0...

WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability

Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...

WordPress BlockArt Blocks plugin <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via timestamp Attribute vulnerability discovered by Farhan Dio Arrafiq in WordPress Plugin BlockArt Blocks versions = 2.2.13...

WordPress Arconix Shortcodes plugin <= 2.1.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rooting in WordPress Plugin Arconix Shortcodes versions = 2.1.19...

WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions = 2.0.0...

WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse versions = 3.2.1...

TencentOS Server 4: kernel (TSSA-2025:0437)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0437 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions = 1.3.95...