WordPress Perfect Brands for WooCommerce plugin <= 3.6.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Perfect Brands for WooCommerce versions = 3.6.2...

WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Easy Elementor Addons versions = 2.2.8...

WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin Ibtana versions = 1.2.5.3...

WordPress Penci Filter Everything Plugin < 1.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Filter Everything versions 1.7...

WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Ritsuy in WordPress Plugin Make Column Clickable Elementor versions = 1.6.0...

SUSE CVE-2023-53369

In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCBATTRBCN The dcbnlbcnsetcfg uses erroneous policy to parse tbDCBATTRBCN, which is introduced in commit 859ee3c43812 "DCB: Add support for DCB BCN". Please see the comment in below code...

WordPress WP Hotel Booking plugin < 2.2.3 - Subscriber+ Rating Manipulation vulnerability

Subscriber+ Rating Manipulation vulnerability discovered by Muhammed Çelik in WordPress Plugin WP Hotel Booking versions 2.2.3...

SUSE CVE-2023-53169

In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear stagedconfig before and after it is used As a temporary storage, stagedconfig in rdtdomain should be cleared before and after it is used. The stale value in stagedconfig could cause an MSR access error. Here is...

WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions = 6.15.1...

WordPress User Meta – User Profile Builder and User management plugin plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Kishan Vyas in WordPress Plugin User Meta versions = 3.1.2...

WordPress Plugin updates blocker plugin <= 0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Plugin updates blocker versions = 0.2...

Linux Distros Unpatched Vulnerability : CVE-2016-2497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, a...

WordPress Responsive Filterable Portfolio plugin <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Responsive Filterable Portfolio versions = 1.0.24...

WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by YCInfosec in WordPress Plugin Tutor LMS versions = 3.7.4...

CVE-2025-47416 ConsoleFindCommandMatchList

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the...

WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Categorify versions = 1.0.7.5...

WordPress AI ANN Theme <= 1.1.0 is vulnerable to Local File Inclusion

Software AI ANN Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID db0cdc544b6f Credits Bonds Required privilege Unauthenticated Published 8...

WordPress Doccure Theme <= 1.4.8 is vulnerable to Arbitrary File Upload

Software Doccure Type Theme Vulnerable versions = 1.4.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-9113 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a390d4c607ad Credits István Márton Required privilege Unauthenticated...

WordPress Gutentype Theme <= 2.1.11 is vulnerable to Local File Inclusion

Software Gutentype Type Theme Vulnerable versions = 2.1.11 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 42f4a10f514e Credits Bonds Required privilege Unauthenticated Publish...

WordPress Camelia Theme <= 1.2.13 is vulnerable to Local File Inclusion

Software Camelia Type Theme Vulnerable versions = 1.2.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 861b50981f0a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...