In Download Manager plugin for WordPress versions up to and including 3.3.18 a medium severity vulnerability CVE-2025-4367 was detected. This vulnerability allows authenticated attackers with Author-level access and above to inject arbitrary web scripts via the wpdm_user_dashboard shortcode, due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Download Manager […]
In CSV Me plugin for WordPress versions up to and including 2.0 a high severity vulnerability CVE-2025-6086 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to upload arbitrary files due to insufficient file type validation, potentially leading to remote code execution. Currently, there is no fixed version for this issue. For […]
In Target Video Easy Publish plugin for WordPress versions up to and including 3.8.5 a medium severity vulnerability CVE-2025-5237 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘width’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should update […]
In tarteaucitron.io plugin for WordPress versions before 1.9.5 a medium severity vulnerability CVE-2025-4955 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks by exploiting unsanitized query parameters from YouTube oEmbed URLs. To address this issue, users should upgrade tarteaucitron.io plugin to versions 1.9.5 or later. […]
In Simple Logo Carousel plugin for WordPress versions up to and including 1.9.3 a medium severity vulnerability CVE-2025-5700 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘id’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Simple […]
In Ivory Search plugin for WordPress versions before 5.5.10 a low severity vulnerability CVE-2025-5209 was detected. This vulnerability allows high privilege users, such as administrators, to perform Cross-Site Scripting (XSS) attacks due to insufficient sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed. To address this issue, users should upgrade Ivory […]
In Liferay Portal versions 7.4.0 through 7.4.3.97, Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35 and 7.2 fix pack 8 through fix pack 20 a high severity vulnerability CVE-2025-3602 was detected. This vulnerability allows attackers to perform denial-of-service (DoS) attacks by executing overly complex GraphQL queries due to […]
In Liferay Portal versions 7.0.0 through 7.4.3.4, Liferay DXP 7.4 GA, 7.3 GA through update 34 and older unsupported versions a high severity vulnerability CVE-2025-3594 was detected. This vulnerability allows remote attackers to add files to arbitrary locations on the server and download and execute arbitrary files from the download server via the `_com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName` parameter. […]
In Liferay Portal versions 7.0.0 through 7.4.3.21, Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25 and older unsupported versions a high severity vulnerability CVE-2025-3526 was detected. This vulnerability allows remote attackers to consume system memory by saving crafted request parameters in the HTTP session, leading to denial-of-service (DoS) conditions. To address […]
