In GI-Media Library plugin for WordPress versions prior to 3.0 a high severity vulnerability CVE-2015-10136 was detected. This vulnerability allows unauthenticated attackers to read the contents of arbitrary files on the server via directory traversal using the fileid parameter, potentially exposing sensitive information. To address this issue, users should upgrade GI-Media Library plugin to version 3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-10136.
Read more CMSIn Directus versions 9.12.0 and above a medium severity vulnerability CVE-2025-53889 was detected. This vulnerability allows attackers to execute manual trigger Flows without authentication or proper access rights, potentially performing unauthorized actions on behalf of a user. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53889.
Read more CMSIn Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53887 was detected. This vulnerability allows attackers to obtain the exact Directus version via the unauthenticated /server/specs/oas endpoint, potentially aiding in targeted exploitation using known vulnerabilities. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53887.
Read more CMSIn Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53886 was detected. This vulnerability allows malicious administrators to hijack user sessions by accessing sensitive data such as access and refresh tokens logged during Flow WebHook executions. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53886.
Read more CMSIn Directus versions 9.0.0 and above a medium severity vulnerability CVE-2025-53885 was detected. This vulnerability allows malicious administrators to log sensitive user data using the “Log to Console” operation within Flows triggered by user CRUD events. To address this issue, users should upgrade Directus to version 11.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53885.
Read more CMSIn Grafana versions prior to 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01 a medium severity vulnerability CVE-2025-3415 was detected. This vulnerability allows users with Viewer permission to access the Grafana Alerting DingDing integration, which was not properly protected. To address this issue, users should upgrade Grafana to versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 or 12.0.1+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3415.
Read more CMSIn Strong Testimonials plugin for WordPress versions up to and including 3.2.11 a medium severity vulnerability CVE-2025-7367 was detected. This vulnerability allows authenticated attackers with Author-level access and above to inject arbitrary web scripts via Testimonial Custom Fields due to insufficient input sanitization and output escaping. To address this issue, users should update Strong Testimonials plugin to versions 3.2.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7367.
Read more CMSIn Restrict File Access plugin for WordPress versions up to and including 1.1.2 a high severity vulnerability CVE-2025-7667 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server via a forged request due to missing or incorrect nonce validation on the ‘restrict-file-access’ page, which can lead to remote code execution if a critical file such as wp-config.php is deleted. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7667.
Read more CMSIn Companion Auto Update plugin for WordPress versions up to and including 3.9.2 a medium severity vulnerability CVE-2025-4369 was detected. This vulnerability allows admin-level users to inject scripts via the update_delay_days parameter, affecting multi-site setups with unfiltered_html disabled. To address this issue, users should update Companion Auto Update plugin to versions 3.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4369.
Read more CMS