5.4

CVSS3.1

CVE-2025-55179 -

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidenc…

📅 Published: Nov. 18, 2025, 1:56 p.m. 🔄 Last Modified: Nov. 18, 2025, 1:56 p.m.

5.3

CVSS3.1

CVE-2025-12545 - Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.4…

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can…

📅 Published: Nov. 18, 2025, 1:54 p.m. 🔄 Last Modified: Nov. 18, 2025, 1:54 p.m.

6.4

CVSS3.1

CVE-2025-12376 - Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Se…

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to…

📅 Published: Nov. 18, 2025, 1:54 p.m. 🔄 Last Modified: Nov. 18, 2025, 1:54 p.m.

0.0