8.8
CVE-2025-12138 - URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the 'uimptr_import_imβ¦
6.4
CVE-2025-11765 - Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_height' and 'image_width' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attβ¦
5.3
CVE-2025-12170 - Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing
The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_ajax_nopriv_checkbox_clean_log' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files.
4.3
CVE-2025-12086 - Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticβ¦
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wps_rma_cancel_return_request' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authβ¦
6.4
CVE-2025-12661 - Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sβ¦
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes iβ¦
8.1
CVE-2025-13322 - WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Paβ¦
The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the `wpag_uploadaudio_callback()` AJAX handler not properly validating user-supplied file paths in the `audio_upload`β¦
6.4
CVE-2025-12660 - Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possiβ¦
6.1
CVE-2025-12746 - Tainacan <= 1.0.0 - Reflected Cross-Site Scripting
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts iβ¦
8.4
CVE-2025-64695 -
Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer.
6.9
CVE-2025-64299 -
LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.