Latest CVE Feed
-
4.3
MEDIUMCVE-2025-12407
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.2.2. This is due to missing or incorrect nonce validation on the 'location_delete' actio... Read more
Affected Products : events_manager- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2025-14068
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-58770
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Inte... Read more
Affected Products : aptio_v- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13660
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure