7.1
CVE-2025-14737 - Command Injection Vulnerability in TP-Link WA850RE
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: β€ WA850RE V2_160527, β€ WA850RE V3_160922.
8.6
CVE-2025-14884 - D-Link DIR-605 Firmware Update Service command injection
A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This vulneraβ¦
9.3
CVE-2025-14879 - Tenda WH450 HTTP Request onSSIDChange stack-based overflow
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploiβ¦
5.4
CVE-2025-62960 - WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7.
5.4
CVE-2025-62961 - WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9.
5
CVE-2025-62998 - WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7.
5.3
CVE-2025-63002 - WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0.
5.3
CVE-2025-63043 - WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.19 - Insecure Direct Object References (IDORβ¦
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.
6.5
CVE-2025-64235 - WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6.
9.8
CVE-2025-64236 - WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.