In Freemind Viewer plugin for WordPress versions up to and including 1.0 a medium severity vulnerability CVE-2025-5536 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the freemind shortcode due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5536.
Read more CMS
In StageShow plugin for WordPress versions up to and including 10.0.3 a medium severity vulnerability CVE-2025-5703 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the anchor parameter due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5703.
Read more CMS
In Developer Formatter plugin for WordPress versions up to and including 2015.0.2.1 a medium severity vulnerability CVE-2025-5699 was detected. This vulnerability allows authenticated attackers with Administrator-level access to inject malicious scripts via the Custom CSS field due to insufficient input sanitization and output escaping, affecting only multisite installations or sites where unfiltered_html is disabled. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5699.
Read more CMS
In Paged Gallery plugin for WordPress versions up to and including 0.7 a medium severity vulnerability CVE-2025-5686 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the gallery shortcode due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5686.
Read more CMS
In Simple History plugin for WordPress versions 5.8.1 and prior a medium severity vulnerability CVE-2025-5760 was detected. This vulnerability allows sensitive data exposure via Detective Mode due to improper sanitization in the append_debug_info_to_context() function, causing user passwords to be logged in cleartext. To address this issue, users should upgrade Simple History plugin to versions 5.8.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5760.
Read more CMS
In Domain For Sale plugin for WordPress versions up to and including 3.0.10 a medium severity vulnerability CVE-2025-5239 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the class_name parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Domain For Sale plugin to versions 3.0.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5239.
Read more CMS
In Django versions 5.2 before 5.2.2, 5.1 before 5.1.10 and 4.2 before 4.2.22 a medium severity vulnerability CVE-2025-48432 was detected. This vulnerability allows remote attackers to manipulate internal HTTP response logs via crafted URLs, potentially leading to log injection or forgery when logs are viewed in terminals or processed by external systems. To address this issue, users should upgrade Django to versions 5.2.2, 5.1.10 or 4.2.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48432.
Read more Application Development
In HyperComments plugin for WordPress versions up to and including 1.2.2 a critical severity vulnerability CVE-2025-5701 was detected. This vulnerability allows unauthenticated attackers to modify arbitrary site options due to a missing capability check in the hc_request_handler function. Exploitation could lead to privilege escalation by changing the default registration role to administrator and enabling user registration. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5701.
Read more CMS
In WP User Frontend Pro plugin for WordPress versions up to and including 4.1.3 a high severity vulnerability CVE-2025-3055 was detected. This vulnerability allows authenticated users with Subscriber access or higher to delete arbitrary server files via the delete_avatar_ajax() function, potentially leading to remote code execution if critical files like wp-config.php are removed. To address this issue, users should upgrade WP User Frontend Pro plugin to versions 4.1.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3055.
Read more CMS