WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...

WordPress Account Switcher plugin <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability

Authenticated Subscriber+ Authentication Bypass to Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin Account Switcher versions = 1.0.2...

WordPress WP Statistics plugin <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure and Privacy Audit Manipulation vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin WP Statistics versions = 14.16.4...

WordPress Advanced Ads - Ad Manager & AdSense plugin <= 2.0.14 - Missing Authorization to Authenticated (Subscriber+) Ad Placements Update vulnerability

WordPress Advanced Ads - Ad Manager & AdSense plugin = 2.0.14 - Missing Authorization to Authenticated Subscriber+ Ad Placements Update vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Advanced Ads versions = 2.0.14...

WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Peppol Identifier Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions = 5.6.0...

WordPress BuddyBoss Platform plugin < 2.6.0 - Subscriber+ Comment on Private Post via IDOR vulnerability

Subscriber+ Comment on Private Post via IDOR vulnerability discovered by Faris Krivic in WordPress Plugin Buddyboss Platform versions 2.6.0...

WordPress Blog2Social plugin <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Trashing vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Blog2Social versions = 8.7.0...

EUVD-2021-11468

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-58160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber wa...

AZL-73223 CVE-2025-58160 affecting package rust 1.90.0-3

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

WordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerability

Subscriber+ Privilege Escalation vulnerability discovered by Dave Jong Patchstack in WordPress Theme wProject versions 5.8.0...

WordPress Search Filter Pro plugin <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Post Meta Exposure vulnerability discovered by Tom Broucke in WordPress Plugin Search Filter Pro versions = 2.5.19...

WordPress Infility Global plugin <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update vulnerability

Authenticated Subscriber+ Missing Authorization to Plugin Options Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infility Global versions = 2.9.8...

WordPress Timetics plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Timetics versions = 1.0.27...

CVE-2024-37439 WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0...

WordPress QA Analytics plugin <= 4.1.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin QA Analytics versions = 4.1.1.1...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.2...

WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.7.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.7.0.1...

WordPress BookingPress plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update and Arbitrary File Upload vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.5...

WordPress Simple Photoswipe plugin <= 0.1 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Felipe Caon in WordPress Plugin Simple Photoswipe versions = 0.1...