CVE Alert: CVE-2025-4177
Vulnerability Summary: CVE-2025-4177 The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing...
CVE Alert: CVE-2025-3670
Vulnerability Summary: CVE-2025-3670 The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in...
CVE Alert: CVE-2025-2880
Vulnerability Summary: CVE-2025-2880 The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
CVE Alert: CVE-2025-4179
Vulnerability Summary: CVE-2025-4179 The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability...
CVE Alert: CVE-2024-13322
Vulnerability Summary: CVE-2024-13322 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection...
CVE Alert: CVE-2025-4131
Vulnerability Summary: CVE-2025-4131 The GmapsMania plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gmap shortcode in...
CVE Alert: CVE-2024-13419
Vulnerability Summary: CVE-2024-13419 Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to...
CVE Alert: CVE-2024-12023
Vulnerability Summary: CVE-2024-12023 The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in...
CVE Alert: CVE-2024-13418
Vulnerability Summary: CVE-2024-13418 Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability...
CVE Alert: CVE-2024-13420
Vulnerability Summary: CVE-2024-13420 Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check...
CVE Alert: CVE-2025-1326
Vulnerability Summary: CVE-2025-1326 The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability...
CVE Alert: CVE-2025-3510
Vulnerability Summary: CVE-2025-3510 The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all...
CVE Alert: CVE-2025-1327
Vulnerability Summary: CVE-2025-1327 The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,...
CVE Alert: CVE-2024-13344
Vulnerability Summary: CVE-2024-13344 The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the...
CVE Alert: CVE-2025-3708
Vulnerability Summary: CVE-2025-3708 Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to...
CVE Alert: CVE-2025-3858
Vulnerability Summary: CVE-2025-3858 The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all...
CVE Alert: CVE-2025-3709
Vulnerability Summary: CVE-2025-3709 Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this...
CVE Alert: CVE-2025-3748
Vulnerability Summary: CVE-2025-3748 The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu...
CVE Alert: CVE-2025-3707
Vulnerability Summary: CVE-2025-3707 The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to...
[HELLCAT] – Ransomware Victim: www
Ransomware Group: HELLCAT VICTIM NAME: www NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
HackerOne Bug Bounty Disclosure: -names-nsf-and-all-names-files-route-to-public-api-on-rubygems-org-jagat-singh
Company Name: RubyGems Company HackerOne URL: https://hackerone.com/rubygems Submitted By:jagat-singhLink to Submitters Profile:https://hackerone.com/jagat-singh Report Title:`/namesnsf` and all `/names*` files route to...
[MONTI] – Ransomware Victim: American Eagle Logistics
Ransomware Group: MONTI VICTIM NAME: American Eagle Logistics NOTE: No files or stolen information are by RedPacket Security. Any legal...
CVE Alert: CVE-2025-3488
Vulnerability Summary: CVE-2025-3488 The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in...
CVE Alert: CVE-2025-3438
Vulnerability Summary: CVE-2025-3438 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is...
