CVE-2025-12850 (GCVE-0-2025-12850)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:43 – Updated: 2025-12-05 06:43
Summary
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| wphocus | My auctions allegro | Affected: *, ≤ 3.6.32 (semver) |
Credits
M Indra Purnama
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "My auctions allegro",
"vendor": "wphocus",
"versions": [
{
"lessThanOrEqual": "3.6.32",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:43:51.373Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc4883b8-5783-49ff-ab3b-c568c9923227?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3402268/my-auctions-allegro-free-edition"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T23:48:12.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-04T18:36:48.000+00:00",
"value": "Disclosed"
}
],
"title": "My auctions allegro \u003c= 3.6.32 - Unauthenticated SQL Injection via auction_id"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12850",
"datePublished": "2025-12-05T06:43:51.373Z",
"dateReserved": "2025-11-06T23:27:27.375Z",
"dateUpdated": "2025-12-05T06:43:51.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13515 (GCVE-0-2025-13515)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| danrajkumar | Nouri.sh Newsletter | Affected: *, ≤ 1.0.1.3 (semver) |
Credits
Abdulsamad Yusuf
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nouri.sh Newsletter",
"vendor": "danrajkumar",
"versions": [
{
"lessThanOrEqual": "1.0.1.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[\u0027PHP_SELF\u0027]` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:20.455Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f0587e-1f84-472c-8fb7-13ddda63e2ec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/trunk/templates/options.phtml#L7"
},
{
"url": "https://plugins.trac.wordpress.org/browser/newsletters-from-rss-to-email-newsletters-using-nourish/tags/v1.0.13/templates/options.phtml#L7"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:34:35.000+00:00",
"value": "Disclosed"
}
],
"title": "Nouri.sh Newsletter \u003c= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER[\u0027PHP_SELF\u0027]"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13515",
"datePublished": "2025-12-05T06:07:20.455Z",
"dateReserved": "2025-11-21T18:35:41.238Z",
"dateUpdated": "2025-12-05T06:07:20.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12355 (GCVE-0-2025-12355)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses.
Severity
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Abhirup Konwar
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Payaza",
"vendor": "bigmaster",
"versions": [
{
"lessThanOrEqual": "0.3.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027wp_ajax_nopriv_update_order_status\u0027 AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:19.571Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/acc88688-76e0-4477-8b7c-eeff541881ab?source=cve"
},
{
"url": "https://wordpress.org/plugins/payaza/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:31:41.000+00:00",
"value": "Disclosed"
}
],
"title": "Payaza \u003c= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12355",
"datePublished": "2025-12-05T06:07:19.571Z",
"dateReserved": "2025-10-27T15:32:06.345Z",
"dateUpdated": "2025-12-05T06:07:19.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12093 (GCVE-0-2025-12093)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account, deleting users, and modifying details within the employee portal.
Severity
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| voidek | Voidek Employee Portal | Affected: *, ≤ 1.0.6 (semver) |
Credits
Athiwat Tiprasaharn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Voidek Employee Portal",
"vendor": "voidek",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to perform several actions like registering an account, deleting users, and modifying details within the employee portal."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:19.994Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d33b83d5-cfc0-48b6-a54e-1ae8ac52aae1?source=cve"
},
{
"url": "https://wordpress.org/plugins/voidek-employee-portal/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:32:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Voidek Employee Portal \u003c= 1.0.6 - Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12093",
"datePublished": "2025-12-05T06:07:19.994Z",
"dateReserved": "2025-10-22T19:17:58.754Z",
"dateUpdated": "2025-12-05T06:07:19.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12374 (GCVE-0-2025-12374)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| pickplugins | User Verification by PickPlugins | Affected: *, ≤ 2.0.39 (semver) |
Credits
lucky_buddy
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Verification by PickPlugins",
"vendor": "pickplugins",
"versions": [
{
"lessThanOrEqual": "2.0.39",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "lucky_buddy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:19.086Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ccb1304-326e-43af-b75d-23874f92ba8b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php#L141"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-15T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-04T17:39:15.000+00:00",
"value": "Disclosed"
}
],
"title": "Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification \u003c= 2.0.39 - Authentication Bypass to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12374",
"datePublished": "2025-12-05T06:07:19.086Z",
"dateReserved": "2025-10-27T21:22:35.296Z",
"dateUpdated": "2025-12-05T06:07:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12373 (GCVE-0-2025-12373)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| torod | Torod – The smart shipping and delivery portal for e-shops and retailers | Affected: *, ≤ 1.9 (semver) |
Credits
Nabil Irawan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Torod \u2013 The smart shipping and delivery portal for e-shops and retailers",
"vendor": "torod",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Torod \u2013 The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unauthenticated attackers to modify plugin\u0027s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:18.239Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1eedab61-e94b-4793-8bf6-cfadd94a5778?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/torod/tags/1.9/inc/torod_Settings.php#L80"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-15T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-04T17:32:53.000+00:00",
"value": "Disclosed"
}
],
"title": "Torod \u2013 The smart shipping and delivery portal for e-shops and retailers \u003c= 1.9 - Cross-Site Request Forgery To Plugin\u0027s Settings Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12373",
"datePublished": "2025-12-05T06:07:18.239Z",
"dateReserved": "2025-10-27T21:06:28.880Z",
"dateUpdated": "2025-12-05T06:07:18.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12354 (GCVE-0-2025-12354)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's css setting.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| dojodigital | Live CSS Preview | Affected: *, ≤ 2.0.0 (semver) |
Credits
Abhirup Konwar
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Live CSS Preview",
"vendor": "dojodigital",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027wp_ajax_frontend_save\u0027 AJAX endpoint in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin\u0027s css setting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:18.677Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebaadf6-5085-4f2d-a377-34e318351449?source=cve"
},
{
"url": "https://wordpress.org/plugins/live-css-preview/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:36:29.000+00:00",
"value": "Disclosed"
}
],
"title": "Live CSS Preview \u003c= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12354",
"datePublished": "2025-12-05T06:07:18.677Z",
"dateReserved": "2025-10-27T15:17:32.188Z",
"dateUpdated": "2025-12-05T06:07:18.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12186 (GCVE-0-2025-12186)
Vulnerability from cvelistv5 – Published: 2025-12-05 06:07 – Updated: 2025-12-05 06:07
Summary
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity
4.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| michael_j_reid | Weekly Planner | Affected: *, ≤ 1.0 (semver) |
Credits
Ivan Cese
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Weekly Planner",
"vendor": "michael_j_reid",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ivan Cese"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T06:07:17.545Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cd2d269-5af2-40ab-b424-505c95c56688?source=cve"
},
{
"url": "https://wordpress.org/plugins/weekly-planner/#description"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:39:52.000+00:00",
"value": "Disclosed"
}
],
"title": "Weekly Planner \u003c= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12186",
"datePublished": "2025-12-05T06:07:17.545Z",
"dateReserved": "2025-10-24T19:46:11.687Z",
"dateUpdated": "2025-12-05T06:07:17.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13528 (GCVE-0-2025-13528)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or JSON format via the 'export_data' parameter.
Severity
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| nedwp | Feedback Modal for Website | Affected: *, ≤ 1.0.1 (semver) |
Credits
Abhirup Konwar
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Feedback Modal for Website",
"vendor": "nedwp",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027handle_export\u0027 function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or JSON format via the \u0027export_data\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:29.864Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3341c29-a69e-4618-a8a5-11f4141ff88f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedback-modal-for-website/trunk/inc/admin/main.php#L1011"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedback-modal-for-website/tags/1.0.1/inc/admin/main.php#L1011"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:30:58.000+00:00",
"value": "Disclosed"
}
],
"title": "Feedback Modal for Website \u003c= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via \u0027export_data\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13528",
"datePublished": "2025-12-05T05:31:29.864Z",
"dateReserved": "2025-11-21T20:13:43.820Z",
"dateUpdated": "2025-12-05T05:31:29.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12154 (GCVE-0-2025-12154)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| moderntribe | Auto Thumbnailer | Affected: *, ≤ 1.0 (semver) |
Credits
Kenneth Dunn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Auto Thumbnailer",
"vendor": "moderntribe",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:29.082Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c98191-bf17-4e94-88cc-ad385b1fe97d?source=cve"
},
{
"url": "https://wordpress.org/plugins/auto-thumbnailer/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:20:29.000+00:00",
"value": "Disclosed"
}
],
"title": "Auto Thumbnailer \u003c= 1.0 - Authenticated (Contributor+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12154",
"datePublished": "2025-12-05T05:31:29.082Z",
"dateReserved": "2025-10-24T13:06:55.464Z",
"dateUpdated": "2025-12-05T05:31:29.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13860 (GCVE-0-2025-13860)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webradykal | Easy Jump Links Menus | Affected: *, ≤ 1.0.0 (semver) |
Credits
Youcef Hamdani
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy Jump Links Menus",
"vendor": "webradykal",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Youcef Hamdani"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:29.457Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e88dc0-4798-4da8-87cf-4c398acc622c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-jump-links-menus/trunk/easy-jump-links-menus.php#L52"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-jump-links-menus/tags/1.0.0/easy-jump-links-menus.php#L52"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:23:08.000+00:00",
"value": "Disclosed"
}
],
"title": "Easy Jump Links Menus \u003c= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13860",
"datePublished": "2025-12-05T05:31:29.457Z",
"dateReserved": "2025-12-01T21:04:57.378Z",
"dateUpdated": "2025-12-05T05:31:29.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12190 (GCVE-0-2025-12190)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby_ajax_optimize_gallery() function. This makes it possible for unauthenticated attackers to trigger bulk optimization via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| duddi | Image Optimizer by wps.sk | Affected: all versions (`*`) ≤ 1.2.0 (semver) |
Credits
Sarawut Poolkhet
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Image Optimizer by wps.sk",
"vendor": "duddi",
"versions": [
{
"lessThanOrEqual": "1.2.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sarawut Poolkhet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby_ajax_optimize_gallery() function. This makes it possible for unauthenticated attackers to trigger bulk optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:28.703Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d321183a-f0ef-4b5b-855a-da95edb610b9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/image-optimizer-wpssk/tags/1.2.0/image-optimizer-wpssk.php"
},
{
"url": "https://plugins.svn.wordpress.org/image-optimizer-wpssk/tags/1.2.0/image-optimizer-wpssk.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:39:41.000+00:00",
"value": "Disclosed"
}
],
"title": "Image Optimizer by wps.sk \u003c= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12190",
"datePublished": "2025-12-05T05:31:28.703Z",
"dateReserved": "2025-10-24T20:04:51.655Z",
"dateUpdated": "2025-12-05T05:31:28.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12191 (GCVE-0-2025-12191)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdfcatalog' AJAX action in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ovologics | PDF Catalog for WooCommerce | Affected: all versions (`*`) ≤ 1.1.18 (semver) |
Credits
Kenneth Dunn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PDF Catalog for WooCommerce",
"vendor": "ovologics",
"versions": [
{
"lessThanOrEqual": "1.1.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027pdfcatalog\u0027 AJAX action in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:28.308Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb5f5e33-e066-4a85-9367-4b8c2f948adf?source=cve"
},
{
"url": "https://wordpress.org/plugins/pdf-catalog-for-woocommerce/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:30:02.000+00:00",
"value": "Disclosed"
}
],
"title": "PDF Catalog for WooCommerce \u003c= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12191",
"datePublished": "2025-12-05T05:31:28.308Z",
"dateReserved": "2025-10-24T20:13:03.627Z",
"dateUpdated": "2025-12-05T05:31:28.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12128 (GCVE-0-2025-12128)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
VLAI?
Summary
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| kaushikankrani | Hide Categories Or Products On Shop Page | Affected: all versions (`*`) ≤ 1.0.7 (semver) |
Credits
Jonas Benjamin Friedli
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hide Categories Or Products On Shop Page",
"vendor": "kaushikankrani",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it possible for unauthenticated attackers to update the plugin\u0027s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:27.548Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b649266a-6a9a-4d2e-9a82-2335e96bfe0d?source=cve"
},
{
"url": "https://wordpress.org/plugins/hide-categories-or-products-on-shop-page/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:29:19.000+00:00",
"value": "Disclosed"
}
],
"title": "Hide Categories Or Products On Shop Page \u003c= 1.0.7 - Cross-Site Request Forgery to Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12128",
"datePublished": "2025-12-05T05:31:27.548Z",
"dateReserved": "2025-10-23T18:37:00.960Z",
"dateUpdated": "2025-12-05T05:31:27.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12189 (GCVE-0-2025-12189)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage() function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote code execution possible via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. Note that the 4.3 score and the C:N/I:L/A:N vector below rate only the CSRF precondition (unauthenticated, user interaction required); since the description states that a successful upload can lead to remote code execution, the practical impact on an affected site may be considerably higher than the base score suggests.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| breadbutter | Bread & Butter: Gate content & Improve lead conversion in 60 seconds | Affected: all versions (`*`) ≤ 7.10.1321 (semver) |
Credits
Ryan Kozak
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Bread \u0026 Butter: Gate content \u0026 Improve lead conversion in 60 seconds",
"vendor": "breadbutter",
"versions": [
{
"lessThanOrEqual": "7.10.1321",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryan Kozak"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bread \u0026 Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage() function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:27.915Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb280004-e0ba-44c8-a205-8fec30900d86?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Ajax.php#L411"
},
{
"url": "https://github.com/d0n601/CVE-2025-12189"
},
{
"url": "https://ryankozak.com/posts/cve-2025-12189/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:31:43.000+00:00",
"value": "Disclosed"
}
],
"title": "Bread \u0026 Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents \u003c= 7.10.1321 - Cross-Site Request Forgery to Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12189",
"datePublished": "2025-12-05T05:31:27.915Z",
"dateReserved": "2025-10-24T20:00:43.777Z",
"dateUpdated": "2025-12-05T05:31:27.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12133 (GCVE-0-2025-12133)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete tracking data.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| paulepro2019 | EPROLO Dropshipping | Affected: all versions (`*`) ≤ 2.3.1 (semver) |
Credits
Abhirup Konwar
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EPROLO Dropshipping",
"vendor": "paulepro2019",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete tracking data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:27.179Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a124da63-01a4-44d8-985b-cacef58ea9a3?source=cve"
},
{
"url": "https://wordpress.org/plugins/eprolo-dropshipping/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:23:45.000+00:00",
"value": "Disclosed"
}
],
"title": "EPROLO Dropshipping \u003c= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12133",
"datePublished": "2025-12-05T05:31:27.179Z",
"dateReserved": "2025-10-23T19:20:51.823Z",
"dateUpdated": "2025-12-05T05:31:27.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12153 (GCVE-0-2025-12153)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file-type validation check in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Severity ?
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| tsaiid | Featured Image via URL | Affected: all versions (`*`) ≤ 0.1 (semver) |
Credits
Kenneth Dunn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Featured Image via URL",
"vendor": "tsaiid",
"versions": [
{
"lessThanOrEqual": "0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file-type validation check in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:26.455Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9687a88f-ac5b-4746-a68c-91c358b5fb87?source=cve"
},
{
"url": "https://wordpress.org/plugins/featured-image-via-url/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:21:27.000+00:00",
"value": "Disclosed"
}
],
"title": "Featured Image via URL \u003c= 0.1 - Authenticated (Contributor+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12153",
"datePublished": "2025-12-05T05:31:26.455Z",
"dateReserved": "2025-10-24T13:03:55.950Z",
"dateUpdated": "2025-12-05T05:31:26.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12370 (GCVE-0-2025-12370)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's configuration options. Note for inventory purposes: the code reference below points at the wordpress.org plugin slug `monetize-link` (src/MLP_Ajax.php), not a slug named "takeads", so match installs by that directory name.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Nabil Irawan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Takeads",
"vendor": "takeads",
"versions": [
{
"lessThanOrEqual": "1.0.13",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin\u0027s configuration options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:26.817Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:20:48.000+00:00",
"value": "Disclosed"
}
],
"title": "Takeads \u003c= 1.0.13 - Missing Authorization to Plugin Settings Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12370",
"datePublished": "2025-12-05T05:31:26.817Z",
"dateReserved": "2025-10-27T20:15:45.237Z",
"dateUpdated": "2025-12-05T05:31:26.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13623 (GCVE-0-2025-13623)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| natambu | Twitscription | Affected: all versions (`*`) ≤ 0.1.1 (semver) |
Credits
Abdulsamad Yusuf
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Twitscription",
"vendor": "natambu",
"versions": [
{
"lessThanOrEqual": "0.1.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:26.091Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6e7756-d8cc-4380-a93e-47d7916a5f7b?source=cve"
},
{
"url": "https://wordpress.org/plugins/twitscription/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/twitscription/tags/0.1.1/twitscription.php#L101"
},
{
"url": "https://plugins.trac.wordpress.org/browser/twitscription/trunk/twitscription.php#L101"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:29:24.000+00:00",
"value": "Disclosed"
}
],
"title": "Twitscription \u003c= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13623",
"datePublished": "2025-12-05T05:31:26.091Z",
"dateReserved": "2025-11-24T20:45:42.012Z",
"dateUpdated": "2025-12-05T05:31:26.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13622 (GCVE-0-2025-13622)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note for inventory purposes: the plugin is published under the wordpress.org slug `jabberbenachrichtigung` (see the references below), so match installs by that directory name rather than "jabbernotification".
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| missi | Jabbernotification | Affected: all versions (`*`) ≤ 0.99-RC2 (semver) |
Credits
Abdulsamad Yusuf
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jabbernotification",
"vendor": "missi",
"versions": [
{
"lessThanOrEqual": "0.99-RC2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:25.692Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e9a872d-575c-455c-8f26-709878817ae0?source=cve"
},
{
"url": "https://wordpress.org/plugins/jabberbenachrichtigung/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jabberbenachrichtigung/tags/0.99-RC2/jabbernotification.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jabberbenachrichtigung/trunk/jabbernotification.php#L85"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:30:39.000+00:00",
"value": "Disclosed"
}
],
"title": "Jabbernotification \u003c= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13622",
"datePublished": "2025-12-05T05:31:25.692Z",
"dateReserved": "2025-11-24T20:44:35.680Z",
"dateUpdated": "2025-12-05T05:31:25.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10055 (GCVE-0-2025-10055)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints (the record does not enumerate them). This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| mrdenny | Time Sheets | Affected: all versions (`*`) ≤ 2.1.3 (semver) |
Credits
Aurélien BOURDOIS
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Time Sheets",
"vendor": "mrdenny",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aur\u00e9lien BOURDOIS"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:25.276Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8b57de-d02c-40c0-abdb-ff490bcf429e?source=cve"
},
{
"url": "https://wordpress.org/plugins/time-sheets/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-22T21:24:22.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-04T17:30:04.000+00:00",
"value": "Disclosed"
}
],
"title": "Time Sheets \u003c= 2.1.3 - Cross-Site Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10055",
"datePublished": "2025-12-05T05:31:25.276Z",
"dateReserved": "2025-09-05T19:23:56.710Z",
"dateUpdated": "2025-12-05T05:31:25.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12181 (GCVE-0-2025-12181)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contentstudio | ContentStudio | Affected: all versions (`*`) ≤ 1.3.7 (semver) |
Credits
Kenneth Dunn
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ContentStudio",
"vendor": "contentstudio",
"versions": [
{
"lessThanOrEqual": "1.3.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:24.852Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b92b0a4-7ebf-43b3-837b-ad710e5e35ff?source=cve"
},
{
"url": "https://wordpress.org/plugins/contentstudio/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:24:52.000+00:00",
"value": "Disclosed"
}
],
"title": "ContentStudio \u003c= 1.3.7 - Authenticated (Author+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12181",
"datePublished": "2025-12-05T05:31:24.852Z",
"dateReserved": "2025-10-24T19:06:49.890Z",
"dateUpdated": "2025-12-05T05:31:24.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13625 (GCVE-0-2025-13625)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| switch2mac | WP-SOS-Donate Donation Sidebar Plugin |
Affected:
* , ≤ 0.9.2
(semver)
|
Credits
Abdulsamad Yusuf
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-SOS-Donate Donation Sidebar Plugin",
"vendor": "switch2mac",
"versions": [
{
"lessThanOrEqual": "0.9.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[\u0027PHP_SELF\u0027]` parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:24.473Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5123c672-e769-4d44-9912-e159d3e186c1?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-sos-donate/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-sos-donate/trunk/wp-sos-donate_options.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-sos-donate/tags/0.9.2/wp-sos-donate_options.php#L45"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:29:05.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-SOS-Donate Donation Sidebar Plugin \u003c= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER[\u0027PHP_SELF\u0027]"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13625",
"datePublished": "2025-12-05T05:31:24.473Z",
"dateReserved": "2025-11-24T21:15:13.302Z",
"dateUpdated": "2025-12-05T05:31:24.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12368 (GCVE-0-2025-12368)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sermon-views` shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpforchurch | Sermon Manager |
Affected:
* , ≤ 2.30.0
(semver)
|
Credits
Djaidja Moundjid
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sermon Manager",
"vendor": "wpforchurch",
"versions": [
{
"lessThanOrEqual": "2.30.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Djaidja Moundjid"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sermon-views` shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:23.011Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/41116b52-8f94-4d29-8845-a27bdf817b43?source=cve"
},
{
"url": "https://wordpress.org/plugins/sermon-manager-for-wordpress"
},
{
"url": "https://plugins.trac.wordpress.org/browser/sermon-manager-for-wordpress/tags/2.30.0/includes/vendor/entry-views.php#L114"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:25:11.000+00:00",
"value": "Disclosed"
}
],
"title": "Sermon Manager \u003c= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12368",
"datePublished": "2025-12-05T05:31:23.011Z",
"dateReserved": "2025-10-27T19:57:18.038Z",
"dateUpdated": "2025-12-05T05:31:23.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13360 (GCVE-0-2025-13360)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| monkeyboz | Quantic Social Image Hover |
Affected:
* , ≤ 1.0.8
(semver)
|
Credits
dayea song
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantic Social Image Hover",
"vendor": "monkeyboz",
"versions": [
{
"lessThanOrEqual": "1.0.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dayea song"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:23.501Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43a237fd-5d3a-47fb-bacf-ceb5eeaa8bbb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tw-image-hover-share/trunk/tw-image-hover.php#L103"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tw-image-hover-share/tags/1.0.8/tw-image-hover.php#L103"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:30:27.000+00:00",
"value": "Disclosed"
}
],
"title": "Quantic Social Image Hover \u003c= 1.0.8 - Cross-Site Request Forgery to Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13360",
"datePublished": "2025-12-05T05:31:23.501Z",
"dateReserved": "2025-11-18T16:31:13.464Z",
"dateUpdated": "2025-12-05T05:31:23.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13621 (GCVE-0-2025-13621)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
6.1 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| teamdream | dream gallery |
Affected:
* , ≤ 1.0
(semver)
|
Credits
dayea song
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "dream gallery",
"vendor": "teamdream",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dayea song"
}
],
"descriptions": [
{
"lang": "en",
"value": "The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the \u0027dreampluginsmain\u0027 AJAX action. This makes it possible for unauthenticated attackers to update the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:22.608Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cdf6ba0-2866-4347-8518-bb1d2e40bab3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dream-gallery/tags/1.0/dreamgallery.php#L254"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dream-gallery/tags/1.0/dreamgallery.php#L257"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dream-gallery/tags/1.0/templates/front.php#L38"
},
{
"url": "https://plugins.trac.wordpress.org/browser/dream-gallery/trunk/dreamgallery.php#L254"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:28:00.000+00:00",
"value": "Disclosed"
}
],
"title": "dream gallery \u003c= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via \u0027dreampluginsmain\u0027 AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13621",
"datePublished": "2025-12-05T05:31:22.608Z",
"dateReserved": "2025-11-24T20:43:27.215Z",
"dateUpdated": "2025-12-05T05:31:22.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12165 (GCVE-0-2025-12165)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| huyme | Webcake – Landing Page Builder |
Affected:
* , ≤ 1.1
(semver)
|
Credits
Abhirup Konwar
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Webcake \u2013 Landing Page Builder",
"vendor": "huyme",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Webcake \u2013 Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027webcake_save_config\u0027 AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin\u0027s settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:22.211Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bdeb2a1-ab97-45ff-808e-37e631d5e9cf?source=cve"
},
{
"url": "https://wordpress.org/plugins/webcake/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:38:45.000+00:00",
"value": "Disclosed"
}
],
"title": "Webcake \u2013 Landing Page Builder \u003c= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12165",
"datePublished": "2025-12-05T05:31:22.211Z",
"dateReserved": "2025-10-24T14:16:57.300Z",
"dateUpdated": "2025-12-05T05:31:22.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12163 (GCVE-0-2025-12163)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity
6.4 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| omnipressteam | Omnipress |
Affected:
* , ≤ 1.6.3
(semver)
|
Credits
Kai Aizen
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Omnipress",
"vendor": "omnipressteam",
"versions": [
{
"lessThanOrEqual": "1.6.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kai Aizen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:21.763Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15aabe3b-1b77-4e4e-9710-cf06924dbcbf?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/RestApi/Controllers/V1/FileUploadRestController.php#L57"
},
{
"url": "https://plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/uploader/FileUploader.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/uploader/FileUploader.php#L106"
},
{
"url": "https://plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/Core/RestControllersBase.php#L81"
},
{
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"url": "https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:31:20.000+00:00",
"value": "Disclosed"
}
],
"title": "Omnipress \u003c= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12163",
"datePublished": "2025-12-05T05:31:21.763Z",
"dateReserved": "2025-10-24T14:04:10.223Z",
"dateUpdated": "2025-12-05T05:31:21.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13512 (GCVE-0-2025-13512)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jiangxin | CoSign Single Signon |
Affected:
* , ≤ 0.3.1
(semver)
|
Credits
Abdulsamad Yusuf
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CoSign Single Signon",
"vendor": "jiangxin",
"versions": [
{
"lessThanOrEqual": "0.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[\u0027PHP_SELF\u0027]` parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:21.382Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0bbeab52-59a9-4d8d-8e3e-ebcbbca9816b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cosign-sso/trunk/cosign-sso.php#L423"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cosign-sso/tags/0.3.1/cosign-sso.php#L423"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T16:39:21.000+00:00",
"value": "Disclosed"
}
],
"title": "CoSign Single Signon \u003c= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER[\u0027PHP_SELF\u0027]"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13512",
"datePublished": "2025-12-05T05:31:21.382Z",
"dateReserved": "2025-11-21T18:05:25.470Z",
"dateUpdated": "2025-12-05T05:31:21.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13144 (GCVE-0-2025-13144)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
Summary
The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the add_cstu_settings function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| contentstudio | ContentStudio |
Affected:
* , ≤ 1.3.7
(semver)
|
Credits
Muhammad Nur Ibnu Hubab
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ContentStudio",
"vendor": "contentstudio",
"versions": [
{
"lessThanOrEqual": "1.3.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Nur Ibnu Hubab"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the add_cstu_settings function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:20.105Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/047fd07c-ab07-49bf-8a94-8ae33c92f93e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.3.7/contentstudio-plugin.php#L380"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.3.7/contentstudio-plugin.php#L383"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:24:04.000+00:00",
"value": "Disclosed"
}
],
"title": "ContentStudio \u003c= 1.3.7 - Cross-Site Request Forgery to Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13144",
"datePublished": "2025-12-05T05:31:20.105Z",
"dateReserved": "2025-11-13T19:01:00.718Z",
"dateUpdated": "2025-12-05T05:31:20.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}