6.3
CVE-2025-36361 - IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments…
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
5.3
CVE-2025-12134 - ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. Th…
6.8
CVE-2025-12136 - Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Re…
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes it…
9.8
CVE-2025-11253 - SQLi in Aksis Technologies' Netty ERP
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty ERP: before V.1.1000.
5.4
CVE-2025-10749 - Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber…
The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated atta…
6.1
CVE-2025-12017 - VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting
The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary…
4.3
CVE-2025-11172 - Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber…
4.3
CVE-2025-10901 - Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitiv…
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, …
4.3
CVE-2025-10902 - Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log…
The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ai_scan_result_remove' function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and …
4.3
CVE-2025-12014 - NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching…
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscribe…