6.4
CVE-2025-3779 - Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Paramet…
The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘widgetId’ parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and…
6.1
CVE-2025-4199 - Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abundatrade' page. This makes it possible for unauthenticated attackers to update settings and inject ma…
9.8
CVE-2025-3918 - Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() withou…
6.1
CVE-2025-4198 - Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web …
6.4
CVE-2025-4168 - Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
6.1
CVE-2025-4188 - Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripti…
The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticated …
6.4
CVE-2025-4170 - Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
6.4
CVE-2025-4172 - VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss…
5.5
CVE-2025-37799 - vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cili…
8.1
CVE-2025-47245 -
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.