Latest CVE Feed
-
6.4
MEDIUMCVE-2025-11003
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, ... Read more
Affected Products : uipress_lite- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2025-11768
The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'phrases' shortcode attribute in all versions up to, and including, 2.12.2015. This is due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-12138
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to va... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-11973
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the __kds_flag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level acce... Read more
Affected Products : keydatas- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Path Traversal