9.8
CVE-2025-7444 - LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing uβ¦
4
CVE-2024-32124 -
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
6.3
CVE-2024-27779 -
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versiβ¦
4.2
CVE-2025-6197 - grafana: Open Redirect in Grafana
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL
7.6
CVE-2025-6023 - grafana: Cross Site Scripting in Grafana
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+seβ¦
9.8
CVE-2025-26855 - Extension - joomcar.net - SQL injection in Articles Calendar 1.0.0 - 1.0.1.0007 for Joomla
A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.
9.8
CVE-2025-26854 - Extension - joomcar.net - SQL injection in Articles Good Search 1.0.0 - 1.2.4.0011 for Joomla
A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands.
7.5
CVE-2025-7438 - MasterStudy LMS β Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitraβ¦
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access aβ¦
6.5
CVE-2025-7772 - Malcure Malware Scanner β #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization β¦
The Malcure Malware Scanner β #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, witβ¦
5.3
CVE-2025-5811 - Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion
The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values oβ¦