4.3

CVSS3.1

CVE-2025-69344 - WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through <= 6.6.

📅 Published: Jan. 7, 2026, 11:51 a.m. 🔄 Last Modified: April 23, 2026, 3:36 p.m.

9.1

CVSS3.1

CVE-2025-68637 - Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This…

📅 Published: Jan. 7, 2026, 9:39 a.m. 🔄 Last Modified: Jan. 16, 2026, 2:34 p.m.

5.3

CVSS3.1

CVE-2025-13722 - Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creatio…

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. This makes it …

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 21, 2026, 12:30 a.m.

4.4

CVSS3.1

CVE-2025-14057 - Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'm…

The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permis…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 20, 2026, 9:15 p.m.

4.3

CVSS3.1

CVE-2025-14077 - Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged re…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 20, 2026, 9:15 p.m.

6.4

CVSS3.1

CVE-2025-15058 - Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via '…

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 21, 2026, 12:30 a.m.

6.4

CVSS3.1

CVE-2025-14114 - 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' S…

The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-le…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 21, 2026, 12:30 a.m.

5.3

CVSS3.1

CVE-2025-14460 - Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitr…

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the pa…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 20, 2026, 9:15 p.m.

6.4

CVSS3.1

CVE-2025-14122 - AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attr…

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliding_faq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, …

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 21, 2026, 12:45 a.m.

4.4

CVSS3.1

CVE-2025-13974 - Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (…

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administ…

📅 Published: Jan. 7, 2026, 9:21 a.m. 🔄 Last Modified: April 21, 2026, 4:45 p.m.