9.3
CVE-2025-34110 - ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
A directory traversal vulnerability exists in ColoradoFTP Server β€ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT coβ¦
8.1
CVE-2025-7667 - Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitraryβ¦
0.0
CVE-2025-53954 -
Not used
0.0
CVE-2025-53955 -
Not used
0.0
CVE-2025-53956 -
Not used
0.0
CVE-2025-53957 -
Not used
0.0
CVE-2025-53958 -
Not used
0.0
CVE-2025-53953 -
Not used
0.0
CVE-2025-53952 -
Not used
5.5
CVE-2025-4369 - Companion Auto Update <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via updβ¦
The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βupdate_delay_daysβ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administβ¦