5093 matches found

Patchstack
added 2025/05/15 5:17 p.m., 4 views

WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability

Settings Change Vulnerability discovered by ch4r0n in WordPress Plugin Experto CTA Widget Call To Action, Sticky CTA, Floating Button Plugin versions <= 1.1.1...

CVSS 6.5 | AI score 8.2 | EPSS 0.00299
Exploits 0 | Affected Software 1

Patchstack
added 2025/05/14 9:24 p.m., 4 views

WordPress UiPress lite plugin <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution vulnerability

Authenticated Subscriber+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin UiPress lite versions <= 3.5.07...

CVSS 8.8 | AI score 9 | EPSS 0.00851
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/05/14 9:5 p.m., 8 views

WordPress WP Content Security Plugin plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin WP Content Security Plugin versions <= 2.3...

CVSS 7.2 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/05/13 11:7 p.m., 5 views

WordPress PeepSo Core: File Uploads plugin <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download vulnerability discovered by Bikram Kharal in WordPress Plugin PeepSo Core: File Uploads versions <= 6.4.6.0...

CVSS 5.3 | AI score 8.2 | EPSS 0.00248
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/05/13 12:0 a.m., 12 views

WordPress Bimber - Viral Magazine WordPress Theme Theme <= 9.2.5 is vulnerable to Local File Inclusion

Software Bimber - Viral Magazine WordPress Theme Type Theme Vulnerable versions <= 9.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-47576 Patch priority Low CVSS severity Low 8.8 Developer EPC PSID 08c8e83478ea Credits Ananda Dhakal Patchstack Required...

CVSS 8.8 | AI score 6.8 | EPSS 0.00405
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/05/12 4:6 p.m., 3 views

WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability

Arbitrary File Deletion Vulnerability discovered by timomangcut in WordPress Plugin Opal Woo Custom Product Variation versions <= 1.2.0...

CVSS 8.6 | AI score 8.2 | EPSS 0.00426
Exploits 0 | Affected Software 1

Patchstack
added 2025/05/12 4:6 p.m., 3 views

WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WPFunnels versions <= 3.5.18...

CVSS 9.8 | AI score 8.4 | EPSS 0.00396
Exploits 0 | Affected Software 1

Patchstack
added 2025/05/09 9:24 p.m., 10 views

WordPress Groundhogg plugin <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Phat Do in WordPress Plugin Groundhogg versions <= 4.1.1.2...

CVSS 7.2 | AI score 8.4 | EPSS 0.01313
Exploits 0 | References 1 | Affected Software 1

OSV
added 2025/05/09 12:42 p.m., 6 views

OESA-2025-1484 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...

CVSS 9.8 | AI score 6.6 | EPSS 0.66365
Exploits 6 | References 3

Patchstack
added 2025/05/08 8:56 p.m., 11 views

WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function vulnerability

Unauthenticated Arbitrary File Upload via upload Function vulnerability discovered by Milinxee in WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce versions <= 1.1.6...

CVSS 9.8 | AI score 8.5 | EPSS 0.0182
Exploits 3 | References 1 | Affected Software 1

Patchstack
added 2025/05/08 8:50 p.m., 3 views

WordPress 1 Click WordPress Migration Plugin plugin <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Kate Kligman Sunsword in WordPress Plugin 1 Click WordPress Migration versions <= 2.2...

CVSS 8.8 | AI score 8.3 | EPSS 0.01241
Exploits 0 | References 1 | Affected Software 1

OSV
added 2025/05/08 8:15 p.m., 1 views

CVE-2025-45790

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1

NVD
added 2025/05/08 8:15 p.m., 8 views

CVE-2025-45790

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so...

CVSS 9.8 | EPSS 0.00674
Exploits 1 | References 1

RedHat Linux
added 2025/05/08 12:17 p.m., 2 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

CVSS 7.5 | AI score 7.1 | EPSS 0.66365
Exploits 5 | References 5

RedHat Linux
added 2025/05/08 12:15 p.m., 1 views

tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service DoS, causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak...

CVSS 7.5 | AI score 7.1 | EPSS 0.66365
Exploits 5 | References 5

Cvelist
added 2025/05/08 12:0 a.m., 7 views

CVE-2025-45790

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so...

EPSS 0.00674
Exploits 1 | References 1

CNNVD
added 2025/05/08 12:0 a.m., 1 views

TOTOLINK A3100R security vulnerability

TOTOLINK A3100R is a series of wireless routers from China's Gion Electronics TOTOLINK. The TOTOLINK A3100R suffers from a buffer overflow vulnerability that originates from the failure of the priority parameter of the setMacQos interface in /lib/cste_modules/firewall.so to correctly validate the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00674
Exploits 1 | References 1

CVE
added 2025/05/08 12:0 a.m., 50 views

CVE-2025-45790

TOTOLINK A3100R V5.9c.1527 is affected by a buffer overflow in the setMacQos interface of /lib/cste_modules/firewall.so, triggered by the priority parameter. Public sources describe the vulnerability as arising from a failure to validate the input data length in /lib/cste_modules/firewall.so. Som...

CVSS 9.8 | AI score 7.1 | EPSS 0.00674
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2025/05/07 3:4 p.m., 5 views

WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Meks Flexible Shortcodes versions <= 1.3.6...

CVSS 6.5 | AI score 7.1 | EPSS 0.00209
Exploits 0 | Affected Software 1

Patchstack
added 2025/05/07 3:1 p.m., 3 views

WordPress Calculate Prices based on Distance For WooCommerce plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin Calculate Prices based on Distance For WooCommerce versions <= 1.3.5...

CVSS 5.4 | AI score 8.4 | EPSS 0.00273
Exploits 0 | Affected Software 1