
4946 matches found

Source: Positive Technologies
Added: 2025/11/18 12:00 a.m.

PT-2025-47275

Name of the Vulnerable Software and Affected Versions: Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress, versions through 1.2.5
Description: The plugin is susceptible to unauthorized post modification because of insufficient authorization checks. Th...

CVSS 5.4 | AI score 6.6 | EPSS 0.00194 | Exploits 0 | References 5
Source: Vulnrichment
Added: 2025/11/15 5:45 a.m.

CVE-2025-12847 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...

CVSS 4.3 | AI score 4.9 | EPSS 0.00206 | Exploits 0 | References 6
Source: Positive Technologies
Added: 2025/11/15 12:00 a.m.

PT-2025-47041

Name of the Vulnerable Software and Affected Versions: All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic, versions prior to 4.8.10
Description: The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00206 | Exploits 0 | References 9
Source: NCSC
Added: 2025/11/14 12:55 p.m.

Vulnerabilities fixed in Cisco Catalyst Center

Cisco has fixed vulnerabilities in Cisco Catalyst Center. The vulnerability with reference CVE-2025-20341 arises from insufficient validation of user input. A malicious party could exploit this by sending a specially crafted HTTP request, enabling unauthorized system changes, such as creating...

CVSS 8.8 | AI score 6.9 | EPSS 0.00504 | Exploits 0 | References 4
Source: EUVD
Added: 2025/11/13 6:31 p.m.

EUVD-2025-175336

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | AI score 6.9 | EPSS 0.00317 | Exploits 0 | References 2
Source: Vulnrichment
Added: 2025/11/13 4:18 p.m.

CVE-2025-20349 Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | AI score 7 | EPSS 0.00317 | Exploits 0 | References 1
Source: Cvelist
Added: 2025/11/13 4:18 p.m.

CVE-2025-20349 Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | EPSS 0.00317 | Exploits 0 | References 1
Source: EUVD
Added: 2025/11/13 3:27 a.m.

EUVD-2025-150405

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00286 | Exploits 0 | References 5
Source: CVE
Added: 2025/11/13 3:27 a.m.

CVE-2025-11923

CVE-2025-11923 (LifterLMS): summary for the WordPress plugin vulnerability
Affected product: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes (WordPress plugin).
Root cause: Privilege escalation due to insufficient identity validation before allowing role modification via the REST API...

CVSS 8.8 | AI score 5.8 | EPSS 0.00286 | Exploits 0 | References 4
Source: Cvelist
Added: 2025/11/12 7:27 a.m.

CVE-2025-12633 Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API endpoint in all versions up to, and including, 2.5.0. This makes it possible fo...

CVSS 7.5 | EPSS 0.00225 | Exploits 0 | References 2
Source: RedhatCVE
Added: 2025/11/12 3:46 a.m.

CVE-2025-11451

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' REST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVSS 7.5 | AI score 6.1 | EPSS 0.00399 | Exploits 0 | References 1
Source: EUVD
Added: 2025/11/11 6:30 a.m.

EUVD-2025-60977

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

CVSS 5.3 | AI score 4.9 | EPSS 0.00239 | Exploits 0 | References 3
Source: Vulnrichment
Added: 2025/11/11 3:30 a.m.

CVE-2025-11894 Shelf Planner <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

CVSS 5.3 | AI score 5 | EPSS 0.00239 | Exploits 0 | References 2
Source: OSV
Added: 2025/11/05 10:15 a.m.

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00314 | Exploits 0 | References 3
Source: CNNVD
Added: 2025/11/05 12:00 a.m.

WordPress plugin AI Engine information disclosure vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. An information...

CVSS 9.8 | AI score 7 | EPSS 0.68846 | Exploits 5 | References 4
Source: CNVD
Added: 2025/11/05 12:00 a.m.

WordPress Folderly plugin unauthorized data modification vulnerability

The WordPress Folderly plugin is a WordPress plugin for virtual folder management that supports categorization and organization of documents, media files and posts. The WordPress Folderly plugin suffers from an unauthorized data modification vulnerability that stems from insufficient capability checkin...

CVSS 4.3 | AI score 6.7 | EPSS 0.00159 | Exploits 0 | References 1
Source: Positive Technologies
Added: 2025/11/04 12:00 a.m.

PT-2025-45015

Name of the Vulnerable Software and Affected Versions: Radiometrics VizAir, affected versions not specified
Description: Radiometrics VizAir is susceptible to exposure of its REST API key through a publicly accessible configuration file. Successful exploitation allows attackers to remotely alter...

CVSS 10 | AI score 6.2 | EPSS 0.00571 | Exploits 0 | References 7
Source: OSV
Added: 2025/11/01 7:15 a.m.

CVE-2025-12137

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

CVSS 4.9 | AI score 5.9 | Exploits 0 | References 9
Source: Cvelist
Added: 2025/11/01 5:40 a.m.

CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 | EPSS 0.00159 | Exploits 0 | References 2
Source: Cvelist
Added: 2025/11/01 5:40 a.m.

CVE-2025-12180 Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update

The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the qi-blocks/v1/update-styles REST API endpoint without proper sanitization in the updateglobalstylescallbac...

CVSS 4.3 | EPSS 0.00191 | Exploits 0 | References 3
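Several of the WordPress entries above (Bookit CVE-2025-12633, Shelf Planner CVE-2025-11894, Folderly CVE-2025-12038, Qi Blocks CVE-2025-12180, and the Auto Amazon Links and FunnelKit endpoints) share one root cause: a `register_rest_route()` call whose `permission_callback` is absent, is `__return_true`, or only checks that a caller is logged in, so an unauthenticated or low-privilege user reaches a state-changing callback. The script below is an added example, not code from any of the listed plugins or advisories: a small offline triage pass that scans plugin source text for that pattern and ranks the routes worth reviewing first. The embedded sample source is constructed for the example; the `example/v1` namespace, route paths and `example_*` callbacks are hypothetical. It is a heuristic (regular expressions over PHP, not a parser), so treat its output as a review list, not a verdict.

```python
import re
from dataclasses import dataclass

# Verdicts for a register_rest_route() call, from worst to best.
MISSING = "missing permission_callback"
PUBLIC = "public (__return_true)"
AUTH_ONLY = "login check only, no capability"
CAPABILITY = "capability check"
CUSTOM = "custom permission_callback, review manually"
UNGUARDED = {MISSING, PUBLIC, AUTH_ONLY}
MUTATING = {"POST", "PUT", "PATCH", "DELETE", "CREATABLE", "EDITABLE", "DELETABLE", "ALLMETHODS"}

_CALL = re.compile(r"register_rest_route\s*\(")
_HEAD = re.compile(r"register_rest_route\s*\(\s*(['\"])(.*?)\1\s*,\s*(['\"])(.*?)\3", re.S)
_METHODS = re.compile(r"['\"]methods['\"]\s*=>\s*(['\"][^'\"]*['\"]|[\w:]+)")
_HAS_PERM = re.compile(r"['\"]permission_callback['\"]\s*=>")
_RETURN_TRUE = re.compile(r"['\"]permission_callback['\"]\s*=>\s*['\"]__return_true['\"]")


@dataclass
class RouteFinding:
    namespace: str
    route: str
    methods: str
    verdict: str


def _balanced_call(src: str, start: int) -> str:
    """Slice the whole register_rest_route(...) call beginning at `start`, tracking
    parenthesis depth so a closure passed as permission_callback stays inside.
    Heuristic: an unbalanced ')' inside a string literal would end it early."""
    depth = 0
    for j in range(src.index("(", start), len(src)):
        if src[j] == "(":
            depth += 1
        elif src[j] == ")":
            depth -= 1
            if depth == 0:
                return src[start:j + 1]
    raise ValueError("unbalanced parentheses in register_rest_route call")


def scan_rest_routes(src: str) -> list[RouteFinding]:
    """Classify every register_rest_route() call found in plugin source text."""
    findings = []
    for m in _CALL.finditer(src):
        call = _balanced_call(src, m.start())
        head = _HEAD.match(call)
        if not head:            # namespace/route built dynamically: do not guess
            continue
        mm = _METHODS.search(call)
        methods = mm.group(1).strip("'\"") if mm else "?"
        if not _HAS_PERM.search(call):
            verdict = MISSING   # WordPress registers the route as public (with a notice)
        elif _RETURN_TRUE.search(call):
            verdict = PUBLIC
        elif re.search(r"current_user_can\s*\(", call):
            verdict = CAPABILITY
        elif "is_user_logged_in" in call:
            verdict = AUTH_ONLY  # any Subscriber+ account passes
        else:
            verdict = CUSTOM
        findings.append(RouteFinding(head.group(2), head.group(4), methods, verdict))
    return findings


def unguarded_mutating_routes(findings: list[RouteFinding]) -> list[str]:
    """Routes to review first: state-changing verbs with no capability check."""
    out = []
    for f in findings:
        verbs = {v.strip().split("::")[-1].upper() for v in f.methods.split(",")}
        if f.verdict in UNGUARDED and verbs & MUTATING:
            out.append(f"{f.methods} /wp-json/{f.namespace}{f.route}: {f.verdict}")
    return out


# Constructed sample plugin source (hypothetical example/v1 routes, not any real
# plugin's code): three weak patterns behind the listed findings, then the fix.
SAMPLE_PLUGIN_SOURCE = r"""
add_action( 'rest_api_init', function () {
    // No permission_callback at all: WordPress treats the route as public.
    register_rest_route( 'example/v1', '/settings', array(
        'methods'  => 'POST',
        'callback' => 'example_update_settings',
    ) );
    // Explicitly public: unauthenticated callers reach the callback.
    register_rest_route( 'example/v1', '/commerce/return', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_commerce_return',
        'permission_callback' => '__return_true',
    ) );
    // Any logged-in user passes; no capability is enforced.
    register_rest_route( 'example/v1', '/clear-all-data', array(
        'methods'             => 'DELETE',
        'callback'            => 'example_clear_all_data',
        'permission_callback' => function () { return is_user_logged_in(); },
    ) );
    // Hardened form: only users holding manage_options reach the callback.
    register_rest_route( 'example/v1', '/styles', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_styles',
        'permission_callback' => function () { return current_user_can( 'manage_options' ); },
    ) );
} );
"""

if __name__ == "__main__":
    for line in unguarded_mutating_routes(scan_rest_routes(SAMPLE_PLUGIN_SOURCE)):
        print(line)
```

Run it against a plugin's PHP files by reading them into `src` and calling `scan_rest_routes`; the three weak routes in the sample are reported, the `manage_options` route is not. A `CAPABILITY` verdict only means a capability is checked somewhere in the call, so still confirm the capability matches the action (for example, a route that deletes media should require `delete_post` on that attachment, not just any capability) and that the callback does its own nonce or ownership checks where the REST cookie authentication applies.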