CVE-2025-69412
KDE messagelib before version 25.11.90 is vulnerable because it ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API, potentially allowing spoofed threat data. The issue is mitigated by updating to KDE messagelib 25.11.90 or applying the vendor security patch described in th...
CVE-2023-7332
PocketMine-MP (server software for Minecraft: Bedrock) is affected in versions prior to 4.18.1 by an improper input validation flaw in inventory transaction handling. The root cause is inadequate validation in the handling of dropped items during an inventory transaction, which allows a remote at...
CVE-2025-53235
The CVE-2025-53235 entry concerns the WordPress Easy Social plugin (osuthorpe Easy Social) versions up to 1.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Impact is reflected in the ability for an attacker to...
CVE-2025-52739
CVE-2025-52739 affects WordPress Sala theme versions up to 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Reflected XSS. Impact described in multiple feeds: reflected XSS affecting Sala from n/a through 1.1.3 with published CVSS 3.1 vector (AV:N/AC:...
CVE-2025-50053
CVE-2025-50053 affects the WordPress Blappsta Mobile App Plugin and related native mobile apps (iPhone/Android) up to version 0.8.8.8. The issue is a Reflected Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation, enabling injected scripts in pages vi...
CVE-2025-47566
CVE-2025-47566 refers to a Cross‑Site Scripting vulnerability in the ZoomSounds WordPress plugin. The description and connected docs confirm it is a Reflected XSS caused by improper neutralization of input during web page generation, affecting ZoomSounds:
CVE-2025-31054
CVE-2025-31054 describes a vulnerability in the WordPress theme Bloggie (Themefy) up to version 2.0.8. The connected sources indicate a Cross‑Site Request Forgery (CSRF) issue that enables a Reflected XSS in Bloggie, affecting versions from n/a through 2.0.8. The CVE is discussed by multiple feed...
CVE-2025-30628
CVE-2025-30628 affects the AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). The issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting plugin versions up to and including 1.2. The CVSS v3.1 base score is 8.5 ...
CVE-2025-28973
Summary of CVE-2025-28973: The vulnerability is a Path Traversal flaw in the WordPress plugin “AA-Team Pro Bulk Watermark Plugin for WordPress” (also referred to as Pro Bulk Watermark Plugin for WordPress) affecting versions up to 2.0. The root cause is insufficient sanitization of user-supplied ...
CVE-2025-28949
CVE-2025-28949 for Mediabay - WordPress Media Library Folders: an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability allowing Blind SQL Injection in Mediabay = 1.5 or patch-level fixes) and confirm the affected software is the Mediabay plugin for Word...
CVE-2025-23757
CVE-2025-23757 corresponds to a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin ZD Scribd iPaper (versions up to 1.0). The issue arises from improper input neutralization during web page generation, enabling reflected XSS that can affect ZD Scribd iPaper pages. The CVE ...
CVE-2025-23719
CVE-2025-23719 concerns the WordPress ZhinaTwitterWidget plugin (versions up to 1.0) and is described as an Improper Neutralization of Input During Web Page Generation leading to a Reflected Cross-Site Scripting (XSS) vulnerability. The issue affects ZhinaTwitterWidget from n/a through 1.0, per t...
CVE-2025-23707
CVE-2025-23707 is a reflected Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin En Masse. Public details show the flaw affects the plugin version range “from n/a through 1.0” and stems from improper input neutralization during web page generation. Multiple sources (NVD, Red Hat CVE...
CVE-2025-23705
CVE-2025-23705 is a Reflected XSS in the WordPress plugin Zielke Design Project Gallery (versions up to 2.5.0) caused by improper input neutralization during web page generation. Affected component: Zielke Design Project Gallery plugin for WordPress. Impact per sources: Reflected XSS could affect...
CVE-2025-23667
CVE-2025-23667 concerns WordPress plugin custom-post-edit (
CVE-2025-66144
CVE-2025-66144 describes a Missing Authorization vulnerability in Merkulove Worker for Elementor affecting Worker for Elementor up to version 1.0.10 due to misconfigured access control. CVSS 3.1 base score 5.4 (Medium); attack vector NETWORK, complexity LOW, privileges Required LOW, no user inter...
CVE-2025-66145
Technical details about CVE-2025-66145 are not provided in the supplied documents. No information on affected versions, root cause, impact, or fixes is present here. Monitor for updates.
CVE-2025-66146
Technical details for CVE-2025-66146 are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-66148
Technical details for CVE-2025-66148 are not disclosed in the provided connected documents. The supplied materials do not specify affected versions, root cause, impact, or remediation. Monitor official CVE entries for updates and published fixes.
CVE-2021-47743
The CVE-2021-47743 entry concerns COMMAX Biometric Access Control System 1.0.0 with an unauthenticated reflected XSS in cookie parameters CMX_ADMIN_NM and CMX_COMPLEX_NM. The vulnerability allows injection of HTML/JavaScript to run in a victim’s browser session. Documents do not specify affected ...