Search criteria
7874 vulnerabilities
CVE-2025-12804 (GCVE-0-2025-12804)
Vulnerability from cvelistv5 – Published: 2025-12-05 01:55 – Updated: 2025-12-05 01:55
VLAI?
Summary
The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bookingcalendar' shortcode in all versions up to, and including, 10.14.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpdevelop | Booking Calendar |
Affected:
* , ≤ 10.14.6
(semver)
|
Credits
Muhammad Yudha - DJ
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Booking Calendar",
"vendor": "wpdevelop",
"versions": [
{
"lessThanOrEqual": "10.14.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin \u0027bookingcalendar\u0027 shortcode in all versions up to, and including, 10.14.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T01:55:22.221Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad993a62-457a-494f-a7c8-256b808d18c0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3391614/booking"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T14:00:45.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-04T13:08:08.000+00:00",
"value": "Disclosed"
}
],
"title": "Booking Calendar \u003c= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12804",
"datePublished": "2025-12-05T01:55:22.221Z",
"dateReserved": "2025-11-06T13:45:29.328Z",
"dateUpdated": "2025-12-05T01:55:22.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11759 (GCVE-0-2025-11759)
Vulnerability from cvelistv5 – Published: 2025-12-05 01:55 – Updated: 2025-12-05 01:55
VLAI?
Summary
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it possible for unauthenticated attackers to add or modify an FTP backup configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows an attacker to set an attacker-controlled FTP site for backup storage and exfiltrate potentially sensitive site data.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| watchful | Backup, Restore and Migrate your sites with XCloner |
Affected:
* , ≤ 4.8.2
(semver)
|
Credits
Rafshanzani Suhada
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Backup, Restore and Migrate your sites with XCloner",
"vendor": "watchful",
"versions": [
{
"lessThanOrEqual": "4.8.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it possible for unauthenticated attackers to add or modify an FTP backup configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows an attacker to set an attacker-controlled FTP site for backup storage and exfiltrate potentially sensitive site data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T01:55:21.515Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a76a8e36-635a-48a3-8683-c24a0395212e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3398881/xcloner-backup-and-restore"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-10T09:27:09.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-04T13:31:53.000+00:00",
"value": "Disclosed"
}
],
"title": "Backup, Restore and Migrate your sites with XCloner \u003c= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11759",
"datePublished": "2025-12-05T01:55:21.515Z",
"dateReserved": "2025-10-14T19:57:56.210Z",
"dateUpdated": "2025-12-05T01:55:21.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13543 (GCVE-0-2025-13543)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:27 – Updated: 2025-12-04 20:27
VLAI?
Summary
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
8.8 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rtowebsites | PostGallery |
Affected:
* , ≤ 1.12.5
(semver)
|
Credits
Moose Love
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostGallery",
"vendor": "rtowebsites",
"versions": [
{
"lessThanOrEqual": "1.12.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Moose Love"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the \u0027PostGalleryUploader\u0027 class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:27:30.392Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13348eb5-5001-4ec4-bc6a-44795bbed203?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/postgallery/tags/1.12.5/admin/PostGalleryUploader.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T07:28:57.000+00:00",
"value": "Disclosed"
}
],
"title": "PostGallery \u003c= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13543",
"datePublished": "2025-12-04T20:27:30.392Z",
"dateReserved": "2025-11-22T14:12:33.475Z",
"dateUpdated": "2025-12-04T20:27:30.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12826 (GCVE-0-2025-12826)
Vulnerability from cvelistv5 – Published: 2025-12-04 06:48 – Updated: 2025-12-04 06:48
VLAI?
Summary
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptui_process_post_type" function. This makes it possible for authenticated attackers, with subscriber level access and above, to add, edit, or delete custom post types in limited situations.
Severity ?
4.8 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webdevstudios | Custom Post Type UI |
Affected:
* , ≤ 1.18.0
(semver)
|
Credits
mahdi salhi
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Custom Post Type UI",
"vendor": "webdevstudios",
"versions": [
{
"lessThanOrEqual": "1.18.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mahdi salhi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the \"cptui_process_post_type\" function. This makes it possible for authenticated attackers, with subscriber level access and above, to add, edit, or delete custom post types in limited situations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T06:48:40.592Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90d203b1-9426-4eff-b566-02c8a1c6adfa?source=cve"
},
{
"url": "https://github.com/WebDevStudios/custom-post-type-ui/commit/215779a5ac0c624f0dcf875e87305b4898d5bcf9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-29T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-19T16:47:37.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T18:13:21.000+00:00",
"value": "Disclosed"
}
],
"title": "Custom Post Type UI \u003c= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12826",
"datePublished": "2025-12-04T06:48:40.592Z",
"dateReserved": "2025-11-06T19:14:37.111Z",
"dateUpdated": "2025-12-04T06:48:40.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12782 (GCVE-0-2025-12782)
Vulnerability from cvelistv5 – Published: 2025-12-04 06:48 – Updated: 2025-12-04 06:48
VLAI?
Summary
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This makes it possible for authenticated attackers, with contributor level access and above, to disable the Beaver Builder layout on arbitrary posts and pages, causing content integrity issues and layout disruption on those pages.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder |
Affected:
* , ≤ 2.9.4
(semver)
|
Credits
Athiwat Tiprasaharn
Itthidej Aramsri
Powpy
Waris Damkham
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Beaver Builder Page Builder \u2013 Drag and Drop Website Builder",
"vendor": "beaverbuilder",
"versions": [
{
"lessThanOrEqual": "2.9.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
},
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
},
{
"lang": "en",
"type": "finder",
"value": "Powpy"
},
{
"lang": "en",
"type": "finder",
"value": "Waris Damkham"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user\u0027s authorization in the disable() function. This makes it possible for authenticated attackers, with contributor level access and above, to disable the Beaver Builder layout on arbitrary posts and pages, causing content integrity issues and layout disruption on those pages."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T06:48:39.973Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/710ed734-ca98-4ab3-82d5-359e683ee062?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3406987/beaver-builder-lite-version"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-05T22:25:17.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T18:08:15.000+00:00",
"value": "Disclosed"
}
],
"title": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12782",
"datePublished": "2025-12-04T06:48:39.973Z",
"dateReserved": "2025-11-05T22:08:55.570Z",
"dateUpdated": "2025-12-04T06:48:39.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13513 (GCVE-0-2025-13513)
Vulnerability from cvelistv5 – Published: 2025-12-04 05:24 – Updated: 2025-12-04 14:42
VLAI?
Summary
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codejunkie | Clik stats |
Affected:
* , ≤ 0.8
(semver)
|
Credits
Abdulsamad Yusuf
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T14:42:36.191964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T14:42:43.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Clik stats",
"vendor": "codejunkie",
"versions": [
{
"lessThanOrEqual": "0.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdulsamad Yusuf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[\u0027PHP_SELF\u0027]` parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T05:24:13.741Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a047313-fdbc-47fa-912a-a624033bbce1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clikstats/trunk/ck_admin.php#L47"
},
{
"url": "https://plugins.trac.wordpress.org/browser/clikstats/tags/0.8/ck_admin.php#L47"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-03T17:02:06.000+00:00",
"value": "Disclosed"
}
],
"title": "Clik stats \u003c= 0.8 - Reflected Cross-Site Scripting via $_SERVER[\u0027PHP_SELF\u0027]"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13513",
"datePublished": "2025-12-04T05:24:13.741Z",
"dateReserved": "2025-11-21T18:30:30.441Z",
"dateUpdated": "2025-12-04T14:42:43.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11727 (GCVE-0-2025-11727)
Vulnerability from cvelistv5 – Published: 2025-12-04 04:29 – Updated: 2025-12-04 14:19
VLAI?
Summary
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codisto | Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto |
Affected:
* , ≤ 1.3.65
(semver)
|
Credits
Angus Girvan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T14:19:10.271757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T14:19:17.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Omnichannel for WooCommerce: Google, Amazon, eBay \u0026 Walmart Integration \u2013 Powered by Codisto",
"vendor": "codisto",
"versions": [
{
"lessThanOrEqual": "1.3.65",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Omnichannel for WooCommerce: Google, Amazon, eBay \u0026 Walmart Integration \u2013 Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T04:29:01.167Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e3b796-af9a-4403-8d9a-1b56d7253b45?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2101"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3063"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3248"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L2117"
},
{
"url": "https://plugins.trac.wordpress.org/browser/codistoconnect/trunk/connect.php#L3249"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-11T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-03T15:51:28.000+00:00",
"value": "Disclosed"
}
],
"title": "Omnichannel for WooCommerce: Google, Amazon, eBay \u0026 Walmart Integration - Powered by Codisto \u003c= 1.3.65 - Unauthenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11727",
"datePublished": "2025-12-04T04:29:01.167Z",
"dateReserved": "2025-10-13T22:46:45.514Z",
"dateUpdated": "2025-12-04T14:19:17.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11379 (GCVE-0-2025-11379)
Vulnerability from cvelistv5 – Published: 2025-12-04 04:29 – Updated: 2025-12-04 14:31
VLAI?
Summary
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| roselldk | WebP Express |
Affected:
* , ≤ 0.25.9
(semver)
|
Credits
Rafshanzani Suhada
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T14:30:23.203183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T14:31:31.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebP Express",
"vendor": "roselldk",
"versions": [
{
"lessThanOrEqual": "0.25.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T04:29:00.466Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c28479bf-768a-4ab4-8e74-ad367b9b744f?source=cve"
},
{
"url": "https://wordpress.org/plugins/webp-express/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-03T15:48:18.000+00:00",
"value": "Disclosed"
}
],
"title": "WebP Express \u003c= 0.25.9 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11379",
"datePublished": "2025-12-04T04:29:00.466Z",
"dateReserved": "2025-10-06T16:49:53.311Z",
"dateUpdated": "2025-12-04T14:31:31.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13756 (GCVE-0-2025-13756)
Vulnerability from cvelistv5 – Published: 2025-12-03 13:52 – Updated: 2025-12-03 14:40
VLAI?
Summary
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access and above, to import arbitrary calendars and manage them.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution |
Affected:
* , ≤ 1.9.11
(semver)
|
Credits
Md. Moniruzzaman Prodhan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:40:47.097022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:40:52.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fluent Booking \u2013 The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution",
"vendor": "techjewel",
"versions": [
{
"lessThanOrEqual": "1.9.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Md. Moniruzzaman Prodhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the \"importCalendar\" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access and above, to import arbitrary calendars and manage them."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:52:45.265Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7860dfa8-de76-4ca3-bd80-98550afab56b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3404176/fluent-booking/tags/1.10.0/app/Hooks/Handlers/DataImporter.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-18T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-26T20:41:32.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:41:01.000+00:00",
"value": "Disclosed"
}
],
"title": "Fluent Booking \u2013 The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution \u003c= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13756",
"datePublished": "2025-12-03T13:52:45.265Z",
"dateReserved": "2025-11-26T20:26:05.841Z",
"dateUpdated": "2025-12-03T14:40:52.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13359 (GCVE-0-2025-13359)
Vulnerability from cvelistv5 – Published: 2025-12-03 13:52 – Updated: 2025-12-03 14:13
VLAI?
Summary
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database granted they have metabox access for the taxonomy (enabled by default for contributors).
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI |
Affected:
* , ≤ 3.40.1
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:13:44.239329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:13:50.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI",
"vendor": "stevejburge",
"versions": [
{
"lessThanOrEqual": "3.40.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the \"getTermsForAjax\" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database granted they have metabox access for the taxonomy (enabled by default for contributors)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:52:45.829Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9bebdc0-1625-4dc4-8c92-37f379868cd5?source=cve"
},
{
"url": "https://github.com/TaxoPress/TaxoPress/commit/1097a22181aa10ce55cc9cd5fa8495f7494e18ea"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-08T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-18T16:12:12.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:30:02.000+00:00",
"value": "Disclosed"
}
],
"title": "Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI \u003c= 3.40.1 - Authenticated (Contributor+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13359",
"datePublished": "2025-12-03T13:52:45.829Z",
"dateReserved": "2025-11-18T15:56:36.915Z",
"dateUpdated": "2025-12-03T14:13:50.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13401 (GCVE-0-2025-13401)
Vulnerability from cvelistv5 – Published: 2025-12-03 13:52 – Updated: 2025-12-03 14:47
VLAI?
Summary
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| optimizingmatters | Autoptimize |
Affected:
* , ≤ 3.1.13
(semver)
|
Credits
Muhammad Yudha - DJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:47:52.328274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:47:57.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Autoptimize",
"vendor": "optimizingmatters",
"versions": [
{
"lessThanOrEqual": "3.1.13",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the \"create_img_preload_tag\" function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:52:44.692Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed5bdb3-c4cd-4982-bc47-feeff527e284?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3401333/autoptimize"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-10T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-19T18:29:52.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:32:37.000+00:00",
"value": "Disclosed"
}
],
"title": "Autoptimize \u003c= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13401",
"datePublished": "2025-12-03T13:52:44.692Z",
"dateReserved": "2025-11-19T10:38:07.284Z",
"dateUpdated": "2025-12-03T14:47:57.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13390 (GCVE-0-2025-13390)
Vulnerability from cvelistv5 – Published: 2025-12-03 13:52 – Updated: 2025-12-03 18:00
VLAI?
Summary
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
Severity ?
10 (Critical)
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| listingthemes | WP Directory Kit |
Affected:
1.4.0 , ≤ 1.4.4
(semver)
|
Credits
Ryan Kozak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:50:08.232125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:50:14.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Directory Kit",
"vendor": "listingthemes",
"versions": [
{
"lessThanOrEqual": "1.4.4",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryan Kozak"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the \"wdk_generate_auto_login_link\" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T18:00:30.049Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6598d171-e68c-4d2f-9cd1-f1574fa90433?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3400599/wpdirectorykit/"
},
{
"url": "https://github.com/d0n601/CVE-2025-13390"
},
{
"url": "https://ryankozak.com/posts/cve-2025-13390/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-09T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-18T22:05:31.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:39:01.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Directory Kit \u003c= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13390",
"datePublished": "2025-12-03T13:52:44.263Z",
"dateReserved": "2025-11-18T21:50:03.589Z",
"dateUpdated": "2025-12-03T18:00:30.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13354 (GCVE-0-2025-13354)
Vulnerability from cvelistv5 – Published: 2025-12-03 13:52 – Updated: 2025-12-03 14:50
VLAI?
Summary
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stevejburge | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI |
Affected:
* , ≤ 3.40.1
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:50:34.638149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:50:39.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI",
"vendor": "stevejburge",
"versions": [
{
"lessThanOrEqual": "3.40.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the \"taxopress_merge_terms_batch\" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:52:43.424Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05c1ee52-02c9-440b-9269-14ea8b73be45?source=cve"
},
{
"url": "https://github.com/TaxoPress/TaxoPress/commit/5eb2cee861ebd109152eea968aca0259c078c8b0"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-08T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-18T16:12:11.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:31:09.000+00:00",
"value": "Disclosed"
}
],
"title": "Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with OpenAI \u003c= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13354",
"datePublished": "2025-12-03T13:52:43.424Z",
"dateReserved": "2025-11-18T11:43:32.191Z",
"dateUpdated": "2025-12-03T14:50:39.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13109 (GCVE-0-2025-13109)
Vulnerability from cvelistv5 – Published: 2025-12-03 12:29 – Updated: 2025-12-03 13:56
VLAI?
Summary
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to insert or remove arbitrary saved search queries into any user's profile, including administrators.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| realmag777 | HUSKY – Products Filter Professional for WooCommerce |
Affected:
* , ≤ 1.3.7.2
(semver)
|
Credits
Athiwat Tiprasaharn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T13:56:11.523862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:56:18.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HUSKY \u2013 Products Filter Professional for WooCommerce",
"vendor": "realmag777",
"versions": [
{
"lessThanOrEqual": "1.3.7.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the \"woof_add_query\" and \"woof_remove_query\" functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to insert or remove arbitrary saved search queries into any user\u0027s profile, including administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T12:29:56.230Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9effc186-c225-4b3b-9b8c-c453505a41de?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3400527"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-03T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-13T00:18:15.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:25:34.000+00:00",
"value": "Disclosed"
}
],
"title": "HUSKY \u2013 Products Filter Professional for WooCommerce \u003c= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via \u0027woof_add_query/woof_remove_query\u0027"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13109",
"datePublished": "2025-12-03T12:29:56.230Z",
"dateReserved": "2025-11-12T23:36:07.758Z",
"dateUpdated": "2025-12-03T13:56:18.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13342 (GCVE-0-2025-13342)
Vulnerability from cvelistv5 – Published: 2025-12-03 12:29 – Updated: 2025-12-03 14:01
VLAI?
Summary
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| shabti | Frontend Admin by DynamiApps |
Affected:
* , ≤ 3.28.20
(semver)
|
Credits
JEONG YU CHAN
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:00:22.875426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:01:05.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Frontend Admin by DynamiApps",
"vendor": "shabti",
"versions": [
{
"lessThanOrEqual": "3.28.20",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "JEONG YU CHAN"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T12:29:55.422Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/613f2035-3061-429b-b218-83805287e4f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3400432/acf-frontend-form-element"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-07T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-19T16:22:46.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:27:58.000+00:00",
"value": "Disclosed"
}
],
"title": "Frontend Admin by DynamiApps \u003c= 3.28.20 - Unauthenticated Arbitrary Options Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13342",
"datePublished": "2025-12-03T12:29:55.422Z",
"dateReserved": "2025-11-17T23:15:13.995Z",
"dateUpdated": "2025-12-03T14:01:05.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12358 (GCVE-0-2025-12358)
Vulnerability from cvelistv5 – Published: 2025-12-03 12:29 – Updated: 2025-12-03 13:58
VLAI?
Summary
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incorrect permissions callback in the "Api/init" function. This makes it possible for unauthenticated attackers to add or remove products from a user's wishlist via a forged request granted they can trick a site's user into performing an action such as clicking on a link.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| roxnor | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution |
Affected:
* , ≤ 4.8.5
(semver)
|
Credits
Adrian Lukita
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T13:58:26.093699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T13:58:46.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "4.8.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrian Lukita"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the \"post_add_to_list\" function as well as an incorrect permissions callback in the \"Api/init\" function. This makes it possible for unauthenticated attackers to add or remove products from a user\u0027s wishlist via a forged request granted they can trick a site\u0027s user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T12:29:55.836Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed605a1-9544-4b53-8d62-ad89214a4fb8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3401226/shopengine"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-14T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-27T16:26:34.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T23:42:11.000+00:00",
"value": "Disclosed"
}
],
"title": "ShopEngine \u003c= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12358",
"datePublished": "2025-12-03T12:29:55.836Z",
"dateReserved": "2025-10-27T16:10:11.719Z",
"dateUpdated": "2025-12-03T13:58:46.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12887 (GCVE-0-2025-12887)
Vulnerability from cvelistv5 – Published: 2025-12-03 12:29 – Updated: 2025-12-03 14:09
VLAI?
Summary
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| saadiqbal | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App |
Affected:
* , ≤ 3.6.1
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:09:06.643764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:09:43.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Post SMTP \u2013 Complete SMTP Solution with Logs, Alerts, Backup SMTP \u0026 Mobile App",
"vendor": "saadiqbal",
"versions": [
{
"lessThanOrEqual": "3.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the \u0027handle_gmail_oauth_redirect\u0027 function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T12:29:53.626Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd9f312-99e1-4dc2-855d-90339c2e24da?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3402203"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-01T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-07T17:45:14.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-03T00:22:23.000+00:00",
"value": "Disclosed"
}
],
"title": "Post SMTP \u2013 Complete SMTP Solution with Logs, Alerts, Backup SMTP \u0026 Mobile App \u003c= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12887",
"datePublished": "2025-12-03T12:29:53.626Z",
"dateReserved": "2025-11-07T17:28:03.418Z",
"dateUpdated": "2025-12-03T14:09:43.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13486 (GCVE-0-2025-13486)
Vulnerability from cvelistv5 – Published: 2025-12-03 06:47 – Updated: 2025-12-03 14:32
VLAI?
Summary
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hwk-fr | Advanced Custom Fields: Extended |
Affected:
0.9.0.5 , ≤ 0.9.1.1
(semver)
|
Credits
Marcin Dudek
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:32:25.112922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:32:58.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Custom Fields: Extended",
"vendor": "hwk-fr",
"versions": [
{
"lessThanOrEqual": "0.9.1.1",
"status": "affected",
"version": "0.9.0.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcin Dudek"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T06:47:46.730Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c508cb73-53e6-4ebe-b3d0-285908b722c9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3400134/acf-extended"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-20T23:27:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T18:43:18.000+00:00",
"value": "Disclosed"
}
],
"title": "Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13486",
"datePublished": "2025-12-03T06:47:46.730Z",
"dateReserved": "2025-11-20T17:33:07.800Z",
"dateUpdated": "2025-12-03T14:32:58.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10304 (GCVE-0-2025-10304)
Vulnerability from cvelistv5 – Published: 2025-12-03 03:27 – Updated: 2025-12-03 14:44
VLAI?
Summary
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to delete the back-up progress files and cause a back-up to fail while it is in progress.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin |
Affected:
* , ≤ 2.3.8
(semver)
|
Credits
Jonas Benjamin Friedli
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:43:59.973715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:44:15.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore \u0026 Cloning Plugin",
"vendor": "everestthemes",
"versions": [
{
"lessThanOrEqual": "2.3.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore \u0026 Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to delete the back-up progress files and cause a back-up to fail while it is in progress."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T03:27:15.009Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7d7c619-7dc0-47a5-a203-6df4dfa0158b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3400800%40everest-backup\u0026new=3400800%40everest-backup\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-18T17:25:45.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T15:27:08.000+00:00",
"value": "Disclosed"
}
],
"title": "Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore \u0026 Cloning Plugin \u003c= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10304",
"datePublished": "2025-12-03T03:27:15.009Z",
"dateReserved": "2025-09-11T21:54:46.884Z",
"dateUpdated": "2025-12-03T14:44:15.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12585 (GCVE-0-2025-12585)
Vulnerability from cvelistv5 – Published: 2025-12-03 03:27 – Updated: 2025-12-03 14:45
VLAI?
Summary
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mxchat | MxChat – AI Chatbot for WordPress |
Affected:
* , ≤ 2.5.5
(semver)
|
Credits
Ryan Kozak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:45:21.576030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:45:48.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MxChat \u2013 AI Chatbot for WordPress",
"vendor": "mxchat",
"versions": [
{
"lessThanOrEqual": "2.5.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryan Kozak"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MxChat \u2013 AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T03:27:14.561Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cf1a90d-6157-40e7-aed8-4d18bc22432d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mxchat-basic/trunk/includes/class-mxchat-integrator.php#L107"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3406402%40mxchat-basic\u0026new=3406402%40mxchat-basic\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-31T22:33:59.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T14:25:33.000+00:00",
"value": "Disclosed"
}
],
"title": "MxChat \u2013 AI Chatbot for WordPress \u003c= 2.5.5 - Unauthenticated Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12585",
"datePublished": "2025-12-03T03:27:14.561Z",
"dateReserved": "2025-10-31T22:16:47.560Z",
"dateUpdated": "2025-12-03T14:45:48.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13495 (GCVE-0-2025-13495)
Vulnerability from cvelistv5 – Published: 2025-12-03 03:27 – Updated: 2025-12-03 21:21
VLAI?
Summary
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
4.9 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpmanageninja | FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler |
Affected:
* , ≤ 1.3.1
(semver)
|
Credits
Itthidej Aramsri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:21:18.670151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:21:32.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FluentCart A New Era of eCommerce \u2013 Faster, Lighter, and Simpler",
"vendor": "wpmanageninja",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FluentCart plugin for WordPress is vulnerable to SQL Injection via the \u0027groupKey\u0027 parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T03:27:13.915Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2000b23f-d8a2-4b83-9bf7-b90cb16718f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fluent-cart/trunk/app/Services/Report/RevenueReportService.php#L76"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fluent-cart/tags/1.3.0/app/Services/Report/RevenueReportService.php#L76"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3408039/fluent-cart/tags/1.3.2/app/Services/Report/ReportHelper.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-24T20:25:17.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T15:10:18.000+00:00",
"value": "Disclosed"
}
],
"title": "FluentCart A New Era of eCommerce \u003c= 1.3.1 - Authenticated (Administrator+) SQL Injection via \u0027groupKey\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13495",
"datePublished": "2025-12-03T03:27:13.915Z",
"dateReserved": "2025-11-20T22:06:04.625Z",
"dateUpdated": "2025-12-03T21:21:32.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13646 (GCVE-0-2025-13646)
Vulnerability from cvelistv5 – Published: 2025-12-03 02:25 – Updated: 2025-12-03 21:15
VLAI?
Summary
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpchill | Image Gallery – Photo Grid & Video Gallery |
Affected:
2.13.1 , ≤ 2.13.2
(semver)
|
Credits
Yevhenii Butenko
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:15:23.161785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:15:37.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Image Gallery \u2013 Photo Grid \u0026 Video Gallery",
"vendor": "wpchill",
"versions": [
{
"lessThanOrEqual": "2.13.2",
"status": "affected",
"version": "2.13.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yevhenii Butenko"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \u0027ajax_unzip_file\u0027 function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T02:25:30.109Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59ee0ca2-846d-4ae8-ad19-7c3826861aeb?source=cve"
},
{
"url": "https://github.com/WPChill/modula-lite/blob/master/includes/admin/class-modula-gallery-upload.php#L1103"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3395701/modula-best-grid-gallery#file5"
},
{
"url": "https://github.com/WPChill/modula-lite/commit/90c8eb982f71b31584d9be9359e3b594e03927d7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3407949/modula-best-grid-gallery"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-22T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T14:05:26.000+00:00",
"value": "Disclosed"
}
],
"title": "Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13646",
"datePublished": "2025-12-03T02:25:30.109Z",
"dateReserved": "2025-11-25T07:02:51.377Z",
"dateUpdated": "2025-12-03T21:15:37.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13448 (GCVE-0-2025-13448)
Vulnerability from cvelistv5 – Published: 2025-12-03 02:25 – Updated: 2025-12-03 21:09
VLAI?
Summary
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| anastis | CSSIgniter Shortcodes |
Affected:
* , ≤ 2.4.1
(semver)
|
Credits
Athiwat Tiprasaharn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:09:09.967225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:09:33.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSSIgniter Shortcodes",
"vendor": "anastis",
"versions": [
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027element\u0027 shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T02:25:29.577Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/288419ad-fbb2-4a4a-8a40-89ae024e068d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cssigniter-shortcodes/trunk/ci-shortcodes.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cssigniter-shortcodes/tags/2.4.1/ci-shortcodes.php#L117"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3408092%40cssigniter-shortcodes\u0026new=3408092%40cssigniter-shortcodes\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-25T13:54:06.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T14:20:18.000+00:00",
"value": "Disclosed"
}
],
"title": "CSSIgniter Shortcodes \u003c= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027element\u0027 Shortcode Attribute"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13448",
"datePublished": "2025-12-03T02:25:29.577Z",
"dateReserved": "2025-11-19T19:18:17.540Z",
"dateUpdated": "2025-12-03T21:09:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13645 (GCVE-0-2025-13645)
Vulnerability from cvelistv5 – Published: 2025-12-03 02:25 – Updated: 2025-12-03 21:08
VLAI?
Summary
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpchill | Image Gallery – Photo Grid & Video Gallery |
Affected:
2.13.1 , ≤ 2.13.2
(semver)
|
Credits
ISMAILSHADOW
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:08:05.412355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:08:20.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Image Gallery \u2013 Photo Grid \u0026 Video Gallery",
"vendor": "wpchill",
"versions": [
{
"lessThanOrEqual": "2.13.2",
"status": "affected",
"version": "2.13.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ISMAILSHADOW"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the \u0027ajax_unzip_file\u0027 function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T02:25:28.863Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/080683bb-713f-4aa8-b635-90c96f358bec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.13.2/includes/admin/class-modula-gallery-upload.php#L1025"
},
{
"url": "https://plugins.trac.wordpress.org/browser/modula-best-grid-gallery/tags/2.13.2/includes/admin/class-modula-gallery-upload.php#L1119"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3395701/modula-best-grid-gallery#file5"
},
{
"url": "https://github.com/WPChill/modula-lite/commit/90c8eb982f71b31584d9be9359e3b594e03927d7"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3407949/modula-best-grid-gallery"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-25T07:06:53.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-02T14:05:24.000+00:00",
"value": "Disclosed"
}
],
"title": "Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13645",
"datePublished": "2025-12-03T02:25:28.863Z",
"dateReserved": "2025-11-25T06:49:47.375Z",
"dateUpdated": "2025-12-03T21:08:20.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13542 (GCVE-0-2025-13542)
Vulnerability from cvelistv5 – Published: 2025-12-02 19:27 – Updated: 2025-12-02 19:36
VLAI?
Summary
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
Severity ?
9.8 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DesignThemes | DesignThemes LMS |
Affected:
* , ≤ 1.0.4
(semver)
|
Credits
Ismail Syaleh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T19:36:37.176375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:36:45.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DesignThemes LMS",
"vendor": "DesignThemes",
"versions": [
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ismail Syaleh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the \u0027dtlms_register_user_front_end\u0027 function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the \u0027administrator\u0027 role during registration and gain administrator access to the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:27:16.108Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c880470f-3f81-47a2-b450-7074410e9f43?source=cve"
},
{
"url": "https://themeforest.net/item/egrad-education-wordpress-theme/42803015"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-02T07:26:08.000+00:00",
"value": "Disclosed"
}
],
"title": "DesignThemes LMS \u003c= 1.0.4 - Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13542",
"datePublished": "2025-12-02T19:27:16.108Z",
"dateReserved": "2025-11-22T13:49:34.767Z",
"dateUpdated": "2025-12-02T19:36:45.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13731 (GCVE-0-2025-13731)
Vulnerability from cvelistv5 – Published: 2025-12-02 13:53 – Updated: 2025-12-02 14:25
VLAI?
Summary
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| posimyththemes | Nexter Extension – Site Enhancements Toolkit |
Affected:
* , ≤ 4.4.1
(semver)
|
Credits
Muhammad Yudha - DJ
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:25:44.381835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:25:56.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nexter Extension \u2013 Site Enhancements Toolkit",
"vendor": "posimyththemes",
"versions": [
{
"lessThanOrEqual": "4.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027nxt-year\u0027 shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T13:53:24.636Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/809cd97c-22ea-49e7-be46-688fefe50236?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/nexter-extension/trunk/include/class-nexter-load-ext.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/browser/nexter-extension/trunk/include/class-nexter-load-ext.php#L136"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old=3402155\u0026old_path=nexter-extension%2Ftags%2F4.4.1%2Finclude%2Fclass-nexter-load-ext.php\u0026new=3403967\u0026new_path=nexter-extension%2Ftags%2F4.4.2%2Finclude%2Fclass-nexter-load-ext.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-26T00:31:09.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Nexter Extension \u003c= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13731",
"datePublished": "2025-12-02T13:53:24.636Z",
"dateReserved": "2025-11-26T00:15:39.317Z",
"dateUpdated": "2025-12-02T14:25:56.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13090 (GCVE-0-2025-13090)
Vulnerability from cvelistv5 – Published: 2025-12-02 11:20 – Updated: 2025-12-02 13:51
VLAI?
Summary
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
4.9 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| listingthemes | WP Directory Kit |
Affected:
* , ≤ 1.4.6
(semver)
|
Credits
tmrswrr
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T13:51:29.681131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T13:51:37.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Directory Kit",
"vendor": "listingthemes",
"versions": [
{
"lessThanOrEqual": "1.4.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "tmrswrr"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the \u0027search\u0027 parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T11:20:06.843Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fbf502-2dfb-49e5-94a6-1525aabc08c1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3396348%40wpdirectorykit\u0026new=3396348%40wpdirectorykit\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3405484%40wpdirectorykit\u0026new=3405484%40wpdirectorykit\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-13T09:27:56.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T21:39:47.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Directory Kit \u003c= 1.4.6 - Authenticated (Admin+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13090",
"datePublished": "2025-12-02T11:20:06.843Z",
"dateReserved": "2025-11-12T20:07:21.330Z",
"dateUpdated": "2025-12-02T13:51:37.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13516 (GCVE-0-2025-13516)
Vulnerability from cvelistv5 – Published: 2025-12-02 08:24 – Updated: 2025-12-02 14:40
VLAI?
Summary
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file() function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessible directory (wp-content/uploads/suremails/attachments/) without validating file extensions or content types. Files are saved with predictable names derived from MD5 hashes of their content. While the plugin attempts to protect this directory with an Apache .htaccess file to disable PHP execution, this protection is ineffective on nginx, IIS, and Lighttpd servers, or on misconfigured Apache installations. This makes it possible for unauthenticated attackers to achieve Remote Code Execution by uploading malicious PHP files through any public form that emails attachments, calculating the predictable filename, and directly accessing the file to execute arbitrary code granted they are exploiting a site running on an affected web server configuration.
Severity ?
8.1 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| brainstormforce | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers |
Affected:
* , ≤ 1.9.0
(semver)
|
Credits
M Indra Purnama
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:40:44.372425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:40:51.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SureMail \u2013 SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers",
"vendor": "brainstormforce",
"versions": [
{
"lessThanOrEqual": "1.9.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Indra Purnama"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SureMail \u2013 SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin\u0027s save_file() function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessible directory (wp-content/uploads/suremails/attachments/) without validating file extensions or content types. Files are saved with predictable names derived from MD5 hashes of their content. While the plugin attempts to protect this directory with an Apache .htaccess file to disable PHP execution, this protection is ineffective on nginx, IIS, and Lighttpd servers, or on misconfigured Apache installations. This makes it possible for unauthenticated attackers to achieve Remote Code Execution by uploading malicious PHP files through any public form that emails attachments, calculating the predictable filename, and directly accessing the file to execute arbitrary code granted they are exploiting a site running on an affected web server configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T08:24:54.808Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3a20047-a325-4d29-a848-7ffa525d0bad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/suremails/trunk/inc/emails/handler/uploads.php#L231"
},
{
"url": "https://plugins.trac.wordpress.org/browser/suremails/trunk/inc/emails/handler/uploads.php#L113"
},
{
"url": "https://plugins.trac.wordpress.org/browser/suremails/trunk/inc/admin/plugin.php#L407"
},
{
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3403145/suremails/trunk?contextall=1\u0026old=3389326\u0026old_path=%2Fsuremails%2Ftrunk"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-21T19:20:32.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T19:54:07.000+00:00",
"value": "Disclosed"
}
],
"title": "SureMail \u2013 SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers \u003c= 1.9.0 - Unauthenticated Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13516",
"datePublished": "2025-12-02T08:24:54.808Z",
"dateReserved": "2025-11-21T18:57:45.563Z",
"dateUpdated": "2025-12-02T14:40:51.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13724 (GCVE-0-2025-13724)
Vulnerability from cvelistv5 – Published: 2025-12-02 08:24 – Updated: 2025-12-02 14:41
VLAI?
Summary
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| e4jvikwp | VikRentCar Car Rental Management System |
Affected:
* , ≤ 1.4.4
(semver)
|
Credits
zhenhua fan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:41:28.330367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:41:38.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VikRentCar Car Rental Management System",
"vendor": "e4jvikwp",
"versions": [
{
"lessThanOrEqual": "1.4.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zhenhua fan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the \u0027month\u0027 parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T08:24:54.360Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/724a2da0-e4e7-4868-a1ad-fce69a915981?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vikrentcar/trunk/admin/views/overv/view.html.php#L195"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vikrentcar/tags/1.4.4/admin/views/overv/view.html.php#L195"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3403439%40vikrentcar\u0026new=3403439%40vikrentcar\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-26T11:04:37.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T19:42:44.000+00:00",
"value": "Disclosed"
}
],
"title": "VikRentCar Car Rental Management System \u003c= 1.4.4 - Authenticated (Author+) SQL Injection via \u0027month\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13724",
"datePublished": "2025-12-02T08:24:54.360Z",
"dateReserved": "2025-11-25T22:27:24.607Z",
"dateUpdated": "2025-12-02T14:41:38.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13534 (GCVE-0-2025-13534)
Vulnerability from cvelistv5 – Published: 2025-12-02 08:24 – Updated: 2025-12-02 15:29
VLAI?
Summary
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
Severity ?
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| elextensions | ELEX WordPress HelpDesk & Customer Ticketing System |
Affected:
* , ≤ 3.3.2
(semver)
|
Credits
Athiwat Tiprasaharn
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T15:29:25.124421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T15:29:31.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ELEX WordPress HelpDesk \u0026 Customer Ticketing System",
"vendor": "elextensions",
"versions": [
{
"lessThanOrEqual": "3.3.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ELEX WordPress HelpDesk \u0026 Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited \"Reply Tickets\" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T08:24:53.698Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3541794b-7c8a-42f8-9688-7f3dbbb08e58?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-two.php#L9"
},
{
"url": "https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/tags/3.3.2/includes/class-crm-ajax-functions-two.php#L9"
},
{
"url": "https://plugins.trac.wordpress.org/browser/stm-gallery/trunk/stmgallery_v.0.9.php#L121"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-21T21:38:59.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-01T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "ELEX WordPress HelpDesk \u0026 Customer Ticketing System \u003c= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13534",
"datePublished": "2025-12-02T08:24:53.698Z",
"dateReserved": "2025-11-21T21:23:47.412Z",
"dateUpdated": "2025-12-02T15:29:31.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}