NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
NPM: Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
NPM: Mermaid: Improper sanitization of classDef in state diagrams leads to HTML injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
NPM: Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
NPM: Mermaid: Improper sanitization of classDefs in diagrams leads to CSS injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
WordPress WP SEO Structured Data Schema plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP SEO Structured Data Schema versions = 2.8.1...
WordPress BJ Lazy Load plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BJ Lazy Load versions = 1.0.9...
WordPress Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Modification vulnerability discovered by cpforensic in WordPress Plugin Rate Star Review versions = 1.6.4...
WordPress Next Date plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Next Date versions = 1.0...
WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions = 1.0.0...
WordPress Woo Commerce Minimum Weight plugin <= 3.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Woo Commerce Minimum Weight versions = 3.0.1...
WordPress GWD Conex plugin <= 2.9 - Unauthenticated Limited Code Execution vulnerability
Unauthenticated Limited Code Execution vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GWD Conex versions = 2.9...
WordPress Slek Gateway for WooCommerce plugin <= 1.0 - Unauthenticated Insufficiently Protected Credentials vulnerability
Unauthenticated Insufficiently Protected Credentials vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Slek Gateway for WooCommerce versions = 1.0...
WordPress Zawgyi Embed plugin <= 2.1.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Zawgyi Embed versions = 2.1.1...
WordPress WP-Redirection plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP-Redirection versions = 1.0.3...
WordPress Tm – WordPress Redirection plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Tm – WordPress Redirection versions = 1.2...
WordPress Forms Rb plugin <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by ? in WordPress Plugin Forms Rb versions = 1.1.9...
WordPress Shortcodely plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Shortcodely versions = 1.0.1...
WordPress Skysa Text Ticker App plugin <= 1.4 - Cross-Site Request Forgery to Settings Modification vulnerability
Cross-Site Request Forgery to Settings Modification vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Skysa Text Ticker App versions = 1.4...
WordPress Voyage Plus plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Voyage Plus versions = 1.0.6...
WordPress HEL Online Classroom: AI-powered Online Classrooms plugin <= 1.0.3 - Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HEL Online Classroom: AI-powered Online Classrooms versions = 1.0.3...
WordPress Coinbase Commerce for Contact Form 7 plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification vulnerability
Missing Authorization to Authenticated Subscriber+ API Key Modification vulnerability discovered by Legion Hunter in WordPress Plugin Coinbase Commerce for Contact Form 7 versions = 1.1.2...
WordPress Fancy Image Show plugin <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Fancy Image Show versions = 9.1...
WordPress Smart Appointment & Booking plugin <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability
Missing Authorization to Unauthenticated Arbitrary Booking Cancellation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Smart Appointment & Booking versions = 1.0.8...
WordPress Bootstrap Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Bootstrap Shortcode versions = 1.0...
WordPress Advanced Social Media Icons plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Advanced Social Media Icons versions = 1.2...
WordPress Credits Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Credits Shortcode versions = 1.2...
WordPress scratchblocks for WP plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin scratchblocks for WP versions = 1.0.1...
WordPress Quick Table plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Quick Table versions = 1.0.0...
NPM: automagik-genie has a command injection vulnerability
NPM: automagik-genie has a command injection vulnerability discovered by ? in WordPress Npm automagik-genie versions 2.5.27...
NPM: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
Incomplete Fix Follow-Up vulnerability discovered by ? in WordPress Npm next versions = 15.2.0, 15.5.18...
NPM: Angular Expressions - Remote Code Execution using filters
Remote Code Execution using filters vulnerability discovered by ? in WordPress Npm angular-expressions versions = 1.5.1...
NPM: Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
NPM: Budibase vulnerable to SSRF via trivial .tar.gz substring bypass in Plugin URL upload /api/plugin vulnerability discovered by ? in WordPress Npm budibase versions = 3.34.11...
NPM: Next.js's Middleware / Proxy redirects can be cache-poisoned
NPM: Next.js's Middleware / Proxy redirects can be cache-poisoned vulnerability discovered by ? in WordPress Npm next versions = 12.2.0, 15.5.16...
NPM: Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces
NPM: Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces vulnerability discovered by ? in WordPress Npm next versions = 13.4.0, 15.5.16...
NPM: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
NPM: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting vulnerability discovered by ? in WordPress Npm next versions = 13.4.6, 15.5.16...
NPM: Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
NPM: Next.js has cross-site scripting in beforeInteractive scripts with untrusted input vulnerability discovered by ? in WordPress Npm next versions = 13.0.0, 15.5.16...
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components vulnerability discovered by ? in WordPress Npm next versions = 15.0.0, 15.5.16...
NPM: Next.js has a Denial of Service in the Image Optimization API
NPM: Next.js has a Denial of Service in the Image Optimization API vulnerability discovered by ? in WordPress Npm next versions = 10.0.0, 15.5.16...
NPM: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
NPM: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades vulnerability discovered by ? in WordPress Npm next versions = 13.4.13, 15.5.16...
NPM: Next.js vulnerable to cache poisoning in React Server Component responses
NPM: Next.js vulnerable to cache poisoning in React Server Component responses vulnerability discovered by ? in WordPress Npm next versions = 14.2.0, 15.5.16...
NPM: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
NPM: Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes vulnerability discovered by ? in WordPress Npm next versions = 15.2.0, 15.5.16...
NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
NPM: Next.js has a Middleware / Proxy bypass through dynamic route parameter injection vulnerability discovered by ? in WordPress Npm next versions = 15.4.0, 15.5.16...
NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
NPM: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n vulnerability discovered by ? in WordPress Npm next versions = 12.2.0, 15.5.16...
NPM: Next.js Vulnerable to Denial of Service with Server Components
NPM: Next.js Vulnerable to Denial of Service with Server Components vulnerability discovered by ? in WordPress Npm next versions = 13.0.0, 15.5.16...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-parcel versions = 19.0.0, 19.0.6...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-webpack versions = 19.0.0, 19.0.6...
WordPress SureTriggers plugin < 1.1.23 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin OttoKit versions 1.1.23...
WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Bima Ikhsan in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.18.0...
WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Bookly versions = 27.4...
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions = 10.30.25...