10
CVE-2025-12219 - Vulnerable Components in Azure Access OS
Vulnerable Components in Azure Access OS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
10
CVE-2025-12218 - Weak Default Credentials
Weak Default Credentials. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
6.9
CVE-2025-12217 - SNMP Default Community String (public)
SNMP Default Community String (public). This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
10
CVE-2025-12216 - Malicious / Malformed App can be Installed but not Uninstalled
Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
6.4
CVE-2025-11897 - The7 – Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross…
The The7 – Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'the7_fancy_title_css' parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authe…
6.4
CVE-2025-11875 - SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
4.3
CVE-2025-11976 - FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, Act…
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the save_…
7.5
CVE-2025-8416 - Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection
The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This ma…
7.5
CVE-2025-4203 - wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function
The wpForo Forum plugin for WordPress is vulnerable to error-based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function blindly interpolates 'row_count' into …
5.3
CVE-2025-10637 - Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure
The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram…