Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to have been created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex,"...
EUVD-2025-38120
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2...
EUVD-2025-38127
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2...
CVE-2025-60195
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-60187
Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-60188
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-60195 WordPress Atarim plugin <= 4.2.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-60188
CVE-2025-60188 affects the WordPress Atarim visual-collaboration plugin (Atarim <= 4.2.x). The vulnerability is an insertion of sensitive information into sent data caused by improper handling of embedded sensitive data, enabling retrieval of embedded sensitive data remotely. Impact is informa...
CVE-2025-60188 WordPress Atarim plugin <= 4.2.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-45268
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2...
PT-2025-45261
Name of the Vulnerable Software and Affected Versions: Atarim versions prior to 4.2.2. Description: An issue exists in Vito Peleg Atarim that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations: Update Atarim to version 4.2.2 or later...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used (CVE-2025-3469). "reupload-own" restriction can be bypassed by reverting file (CVE-2025-32696). Cascading protection is not preventing file reversions (CVE-2025-32697). LogPager.php: Restriction enforcer functions do not correctly...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11987
CVE-2025-11987 — Visual Link Preview (WordPress) is a stored cross-site scripting vulnerability in the Visual Link Preview plugin for WordPress, exploitable via the plugin’s visual-link-preview shortcode. Affected versions are up to and including 2.2.7, where insufficient input sanitization and o...
WordPress Visual Link Preview plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Visual Link Preview versions <= 2.2.7...
WordPress plugin Visual Link Preview security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-45098
Name of the Vulnerable Software and Affected Versions: Visual Link Preview plugin for WordPress versions up to and including 2.2.7. Description: The software is susceptible to Stored Cross-Site Scripting through the visual-link-preview shortcode. Insufficient input sanitization and output escaping o...