5 matches found
CVE-2025-10380
The CVE-2025-10380 entry describes a Server-Side Template Injection (SSTI) in the WordPress plugin Advanced Views – Display Posts, Custom Fields, and More (ACF-Views) affecting all versions up to and including 3.7.19. Root cause: insufficient input sanitization and lack of access control when pro...
CVE-2025-10380 Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Mod...
PT-2025-39110
Name of the Vulnerable Software and Affected Versions: Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress versions up to and including 3.7.19
Description: The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is susceptible to Server-Side Templat...
CVE-2023-34382
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...
Path traversal
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...