6.1
CVE-2025-4199 - Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abundatrade' page. This makes it possible for unauthenticated attackers to update settings and inject ma…
9.8
CVE-2025-3918 - Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin's registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() withou…
6.1
CVE-2025-4198 - Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web …
6.4
CVE-2025-4168 - Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac…
6.1
CVE-2025-4188 - Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripti…
The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticated …
6.4
CVE-2025-4170 - Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
6.4
CVE-2025-4172 - VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss…
5.5
CVE-2025-37799 - vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cili…
8.1
CVE-2025-47245 -
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.
4
CVE-2025-47241 -
In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.