Latest CVE Feed
-
6.4
MEDIUMCVE-2025-9131
The Ogulo – 360° Tour plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-7828
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authentic... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-7813
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxy_image function. This makes it possible for unauthent... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Server-Side Request Forgery
-
4.3
MEDIUMCVE-2025-7827
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for... Read more
Affected Products :- Published: Aug. 23, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-9385
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. Th... Read more
Affected Products : tcpreplay- Published: Aug. 24, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Memory Corruption