In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between July 04-05, 2025.
During this period, The National Vulnerability Database published 186, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 13
High: 41
Medium: 58
Low: 1
Severity Not Assigned: 73
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-5953
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.
References: https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L543
https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L591
https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L89
https://wordpress.org/plugins/hrm/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba33a18-429f-4a3e-b018-bdfbbe6e8482?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-6238
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin in the patched version 2.8.5.
References: https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.4/labs/oauth.php
https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/mcp.php
https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/oauth.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/1edc84fd-8cb5-4899-9444-1b6ae3144917?source=cve
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-6586
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/download-plugin/tags/2.2.8/app/Plugins/Dpwapuploader.php#L300
https://www.wordfence.com/threat-intel/vulnerabilities/id/37734c25-cce3-41fb-babf-714ba7a4bced?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-6782
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://wordpress.org/plugins/gozen-forms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d874a041-1cd4-4ca1-85bd-4050630d8502?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-6783
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://wordpress.org/plugins/gozen-forms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/784998a7-550d-4299-9995-af01e5ee1d21?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-6814
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
References: https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/admin/class-bookingx-admin.php#L784
https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/includes/class-bookingx.php#L322
https://wordpress.org/plugins/booking-x/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a30d572-e086-4b83-8cb7-4cef9a3253bd?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-24748
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This issue affects All In One Slider Responsive: from n/a through 3.7.9.
References: https://patchstack.com/database/wordpress/plugin/all_in_one_carousel/vulnerability/wordpress-all-in-one-slider-responsive-plugin-3-7-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-28951
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.1.
References: https://patchstack.com/database/wordpress/plugin/bulk-featured-image/vulnerability/wordpress-bulk-featured-image-plugin-1-2-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-28967
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4.
References: https://patchstack.com/database/wordpress/plugin/contact-us-page-contact-people/vulnerability/wordpress-contact-us-page-contact-people-lite-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-28969
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1.
References: https://patchstack.com/database/wordpress/plugin/gallery-widget/vulnerability/wordpress-gallery-widget-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-30947
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup allows Blind SQL Injection. This issue affects Cool fade popup: from n/a through 10.1.
References: https://patchstack.com/database/wordpress/plugin/cool-fade-popup/vulnerability/wordpress-cool-fade-popup-plugin-10-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-30969
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through 9.0.
References: https://patchstack.com/database/wordpress/plugin/wp-iframe-images-gallery/vulnerability/wordpress-iframe-images-gallery-plugin-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-30979
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.
References: https://patchstack.com/database/wordpress/plugin/pixelating-image-slideshow-gallery/vulnerability/wordpress-pixelating-image-slideshow-gallery-plugin-8-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-23970
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0.
References: https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-booking-6-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-24771
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light allows Reflected XSS. This issue affects Content Manager Light: from n/a through 3.2.
References: https://patchstack.com/database/wordpress/plugin/content-manager-light/vulnerability/wordpress-content-manager-light-plugin-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-24780
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.4.0.
References: https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-2-3-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-28968
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall allows Reflected XSS. This issue affects WP Wall: from n/a through 1.7.3.
References: https://patchstack.com/database/wordpress/plugin/wp-wall/vulnerability/wordpress-wp-wall-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-28978
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs allows Reflected XSS. This issue affects SB Breadcrumbs: from n/a through 1.0.
References: https://patchstack.com/database/wordpress/plugin/sb-breadcrumbs/vulnerability/wordpress-sb-breadcrumbs-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-28980
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through 0.7.2.
References: https://patchstack.com/database/wordpress/plugin/aviation-weather-from-noaa/vulnerability/wordpress-aviation-weather-from-noaa-0-7-2-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-28983
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
References: https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-25-04010101-wp6-8-privilege-escalation-via-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-30933
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.
References: https://patchstack.com/database/wordpress/theme/logistics-hub/vulnerability/wordpress-logisticshub-1-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-31037
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey allows Reflected XSS. This issue affects Homey: from n/a through 2.4.5.
References: https://patchstack.com/database/wordpress/theme/homey/vulnerability/wordpress-homey-theme-2-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-32297
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory allows SQL Injection. This issue affects Simple Link Directory: from n/a through 14.7.3.
References: https://patchstack.com/database/wordpress/plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-pro-plugin-14-7-3-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-32311
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom - News Magazine WordPress Theme allows Reflected XSS. This issue affects Pressroom - News Magazine WordPress Theme: from n/a through 6.9.
References: https://patchstack.com/database/wordpress/theme/pressroom/vulnerability/wordpress-pressroom-news-magazine-wordpress-theme-theme-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-39487
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie allows Reflected XSS. This issue affects Rankie: from n/a through 1.8.2.
References: https://patchstack.com/database/wordpress/plugin/valvepress-rankie/vulnerability/wordpress-rankie-plugin-1-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-47627
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2.
References: https://patchstack.com/database/wordpress/plugin/private-content-mail-actions/vulnerability/wordpress-privatecontent-mail-actions-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-49070
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi allows PHP Local File Inclusion. This issue affects Elessi: from n/a through n/a.
References: https://patchstack.com/database/wordpress/theme/elessi-theme/vulnerability/wordpress-elessi-6-4-1-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-49245
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase allows Reflected XSS. This issue affects Testimonials Showcase: from n/a through 1.9.16.
References: https://patchstack.com/database/wordpress/plugin/testimonials-showcase/vulnerability/wordpress-testimonials-showcase-plugin-1-9-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-49247
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase allows DOM-Based XSS. This issue affects Team Showcase: from n/a through n/a.
References: https://patchstack.com/database/wordpress/plugin/team-showcase-cm/vulnerability/wordpress-team-showcase-plugin-25-05-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-49274
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awplife Neom Blog allows Reflected XSS. This issue affects Neom Blog: from n/a through 0.0.9.
References: https://patchstack.com/database/wordpress/theme/neom-blog/vulnerability/wordpress-neom-blog-theme-0-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-49302
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.
References: https://patchstack.com/database/wordpress/plugin/easy-stripe/vulnerability/wordpress-easy-stripe-1-1-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-49414
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.
References: https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
33. CVE-2025-49417
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Multi-Action: from n/a through 1.3.
References: https://patchstack.com/database/wordpress/plugin/woo-product-multiaction/vulnerability/wordpress-woocommerce-product-multi-action-1-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
34. CVE-2025-49418
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allows Server Side Request Forgery. This issue affects Allmart: from n/a through 1.0.0.
References: https://patchstack.com/database/wordpress/plugin/allmart-core/vulnerability/wordpress-allmart-1-0-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
35. CVE-2025-49866
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner allows Reflected XSS. This issue affects Beautiful Cookie Consent Banner: from n/a through 4.6.1.
References: https://patchstack.com/database/wordpress/plugin/beautiful-and-responsive-cookie-consent/vulnerability/wordpress-beautiful-cookie-consent-banner-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2025-49867
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.
References: https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
37. CVE-2025-49870
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions allows SQL Injection. This issue affects Paid Member Subscriptions: from n/a through 2.15.1.
References: https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-2-15-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
38. CVE-2025-4414
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a.
References: https://patchstack.com/database/wordpress/plugin/cmsmasters-content-composer/vulnerability/wordpress-cmsmasters-content-composer-2-5-7-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
39. CVE-2025-52718
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.
References: https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
40. CVE-2025-52776
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager allows Stored XSS. This issue affects Video List Manager: from n/a through 1.7.
References: https://patchstack.com/database/wordpress/plugin/video-list-manager/vulnerability/wordpress-video-list-manager-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2025-52796
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.
References: https://patchstack.com/database/wordpress/plugin/wp-recall/vulnerability/wordpress-wp-recall-16-26-14-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
42. CVE-2025-52798
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.9.0.
References: https://patchstack.com/database/wordpress/plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-2-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
43. CVE-2025-52805
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
References: https://patchstack.com/database/wordpress/plugin/leyka/vulnerability/wordpress-leyka-3-31-9-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found
44. CVE-2025-52807
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through 1.45.
References: https://patchstack.com/database/wordpress/theme/kossy/vulnerability/wordpress-kossy-minimalist-ecommerce-wordpress-theme-1-45-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
45. CVE-2025-52813
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
References: https://patchstack.com/database/wordpress/plugin/mobiloud-mobile-app-plugin/vulnerability/wordpress-mobiloud-4-6-5-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
46. CVE-2025-52828
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection. This issue affects Red Art: from n/a through 3.7.
References: https://patchstack.com/database/wordpress/theme/redart/vulnerability/wordpress-red-art-3-7-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
47. CVE-2025-52830
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
References: https://patchstack.com/database/wordpress/plugin/bsecure/vulnerability/wordpress-bsecure-your-universal-checkout-1-7-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
48. CVE-2025-52831
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.
References: https://patchstack.com/database/wordpress/plugin/video-list-manager/vulnerability/wordpress-video-list-manager-1-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
49. CVE-2025-52832
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through 3.4.1.
References: https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-3-4-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
50. CVE-2025-52833
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS allows SQL Injection. This issue affects LMS: from n/a through 9.1.
References: https://patchstack.com/database/wordpress/theme/lms/vulnerability/wordpress-lms-9-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
51. CVE-2025-49809
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
References: https://github.com/Homebrew/homebrew-core/issues/35085
https://github.com/traviscross/mtr/blob/master/SECURITY
https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found
52. CVE-2025-46733
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, specifically those which make up the Secure Storage API, will panic if a system call returns an unexpected return code. This behavior is mandated by the TEE Internal Core API specification. However, in OP-TEE’s implementation, return codes of secure storage operations are passed through unsanitized from the REE tee-supplicant, through the Linux kernel tee-driver, through the OP-TEE kernel, back to libutee. Thus, an attacker with access to REE userspace, and the ability to stop tee-supplicant and replace it with their own process (generally trivial for a root user, and depending on the way permissions are set up, potentially available even to less privileged users) can run a malicious tee-supplicant process that responds to storage requests with unexpected response codes, triggering a panic in the requesting TA. This is particularly dangerous for TAs built with `TA_FLAG_SINGLE_INSTANCE` (corresponding to `gpd.ta.singleInstance` and `TA_FLAG_INSTANCE_KEEP_ALIVE` (corresponding to `gpd.ta.keepAlive`). The behavior of these TAs may depend on memory that is preserved between sessions, and the ability of an attacker to panic the TA and reload it with a clean memory space can compromise the behavior of those TAs. A critical example of this is the optee_ftpm TA. It uses the kept alive memory to hold PCR values, which crucially must be non-resettable. An attacker who can trigger a panic in the fTPM TA can reset the PCRs, and then extend them PCRs with whatever they choose, falsifying boot measurements, accessing sealed data, and potentially more. The impact of this issue depends significantly on the behavior of affected TAs. For some, it could manifest as a denial of service, while for others, like the fTPM TA, it can result in the disclosure of sensitive data. Anyone running the fTPM TA is affected, but similar attacks may be possible on other TAs that leverage the Secure Storage API. A fix is available in commit 941a58d78c99c4754fbd4ec3079ec9e1d596af8f.
References: https://github.com/OP-TEE/optee_os/commit/941a58d78c99c4754fbd4ec3079ec9e1d596af8f
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-f35r-hm2m-p6c3
CWE-ID: CWE-755
Common Platform Enumerations (CPE): Not Found
53. CVE-2025-52496
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.8
Description: Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
References: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md
CWE-ID: CWE-733
Common Platform Enumerations (CPE): Not Found
54. CVE-2025-48952
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
References: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489
CWE-ID: CWE-697
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between July 04-05, 2025.
During this period, The National Vulnerability Database published 186, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 13
High: 41
Medium: 58
Low: 1
Severity Not Assigned: 73
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-5953
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.
References: https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L543
https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L591
https://plugins.trac.wordpress.org/browser/hrm/tags/2.2.17/class/employee.php#L89
https://wordpress.org/plugins/hrm/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba33a18-429f-4a3e-b018-bdfbbe6e8482?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-6238
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: OAuth is disabled, the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin in the patched version 2.8.5.
References: https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.4/labs/oauth.php
https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/mcp.php
https://plugins.trac.wordpress.org/changeset/3321384/ai-engine/trunk/labs/oauth.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/1edc84fd-8cb5-4899-9444-1b6ae3144917?source=cve
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-6586
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/download-plugin/tags/2.2.8/app/Plugins/Dpwapuploader.php#L300
https://www.wordfence.com/threat-intel/vulnerabilities/id/37734c25-cce3-41fb-babf-714ba7a4bced?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-6782
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://wordpress.org/plugins/gozen-forms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d874a041-1cd4-4ca1-85bd-4050630d8502?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-6783
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://wordpress.org/plugins/gozen-forms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/784998a7-550d-4299-9995-af01e5ee1d21?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-6814
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
References: https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/admin/class-bookingx-admin.php#L784
https://plugins.trac.wordpress.org/browser/booking-x/tags/1.1.2/includes/class-bookingx.php#L322
https://wordpress.org/plugins/booking-x/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a30d572-e086-4b83-8cb7-4cef9a3253bd?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-24748
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup All In One Slider Responsive allows SQL Injection. This issue affects All In One Slider Responsive: from n/a through 3.7.9.
References: https://patchstack.com/database/wordpress/plugin/all_in_one_carousel/vulnerability/wordpress-all-in-one-slider-responsive-plugin-3-7-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-28951
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.1.
References: https://patchstack.com/database/wordpress/plugin/bulk-featured-image/vulnerability/wordpress-bulk-featured-image-plugin-1-2-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-28967
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4.
References: https://patchstack.com/database/wordpress/plugin/contact-us-page-contact-people/vulnerability/wordpress-contact-us-page-contact-people-lite-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-28969
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1.
References: https://patchstack.com/database/wordpress/plugin/gallery-widget/vulnerability/wordpress-gallery-widget-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-30947
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Cool fade popup allows Blind SQL Injection. This issue affects Cool fade popup: from n/a through 10.1.
References: https://patchstack.com/database/wordpress/plugin/cool-fade-popup/vulnerability/wordpress-cool-fade-popup-plugin-10-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-30969
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through 9.0.
References: https://patchstack.com/database/wordpress/plugin/wp-iframe-images-gallery/vulnerability/wordpress-iframe-images-gallery-plugin-9-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-30979
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.
References: https://patchstack.com/database/wordpress/plugin/pixelating-image-slideshow-gallery/vulnerability/wordpress-pixelating-image-slideshow-gallery-plugin-8-0-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-23970
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0.
References: https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-booking-6-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-24771
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Content Manager Light allows Reflected XSS. This issue affects Content Manager Light: from n/a through 3.2.
References: https://patchstack.com/database/wordpress/plugin/content-manager-light/vulnerability/wordpress-content-manager-light-plugin-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-24780
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.4.0.
References: https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-2-3-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-28968
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall allows Reflected XSS. This issue affects WP Wall: from n/a through 1.7.3.
References: https://patchstack.com/database/wordpress/plugin/wp-wall/vulnerability/wordpress-wp-wall-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-28978
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs allows Reflected XSS. This issue affects SB Breadcrumbs: from n/a through 1.0.
References: https://patchstack.com/database/wordpress/plugin/sb-breadcrumbs/vulnerability/wordpress-sb-breadcrumbs-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-28980
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through 0.7.2.
References: https://patchstack.com/database/wordpress/plugin/aviation-weather-from-noaa/vulnerability/wordpress-aviation-weather-from-noaa-0-7-2-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-28983
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
References: https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-25-04010101-wp6-8-privilege-escalation-via-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-30933
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.
References: https://patchstack.com/database/wordpress/theme/logistics-hub/vulnerability/wordpress-logisticshub-1-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-31037
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey allows Reflected XSS. This issue affects Homey: from n/a through 2.4.5.
References: https://patchstack.com/database/wordpress/theme/homey/vulnerability/wordpress-homey-theme-2-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-32297
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory allows SQL Injection. This issue affects Simple Link Directory: from n/a through 14.7.3.
References: https://patchstack.com/database/wordpress/plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-pro-plugin-14-7-3-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-32311
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom - News Magazine WordPress Theme allows Reflected XSS. This issue affects Pressroom - News Magazine WordPress Theme: from n/a through 6.9.
References: https://patchstack.com/database/wordpress/theme/pressroom/vulnerability/wordpress-pressroom-news-magazine-wordpress-theme-theme-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-39487
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Rankie allows Reflected XSS. This issue affects Rankie: from n/a through 1.8.2.
References: https://patchstack.com/database/wordpress/plugin/valvepress-rankie/vulnerability/wordpress-rankie-plugin-1-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-47627
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions: from n/a through 2.3.2.
References: https://patchstack.com/database/wordpress/plugin/private-content-mail-actions/vulnerability/wordpress-privatecontent-mail-actions-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-49070
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi allows PHP Local File Inclusion. This issue affects Elessi: from n/a through n/a.
References: https://patchstack.com/database/wordpress/theme/elessi-theme/vulnerability/wordpress-elessi-6-4-1-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-49245
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Testimonials Showcase allows Reflected XSS. This issue affects Testimonials Showcase: from n/a through 1.9.16.
References: https://patchstack.com/database/wordpress/plugin/testimonials-showcase/vulnerability/wordpress-testimonials-showcase-plugin-1-9-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-49247
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmoreira Team Showcase allows DOM-Based XSS. This issue affects Team Showcase: from n/a through n/a.
References: https://patchstack.com/database/wordpress/plugin/team-showcase-cm/vulnerability/wordpress-team-showcase-plugin-25-05-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-49274
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awplife Neom Blog allows Reflected XSS. This issue affects Neom Blog: from n/a through 0.0.9.
References: https://patchstack.com/database/wordpress/theme/neom-blog/vulnerability/wordpress-neom-blog-theme-0-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-49302
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.
References: https://patchstack.com/database/wordpress/plugin/easy-stripe/vulnerability/wordpress-easy-stripe-1-1-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-49414
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.
References: https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
33. CVE-2025-49417
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Multi-Action: from n/a through 1.3.
References: https://patchstack.com/database/wordpress/plugin/woo-product-multiaction/vulnerability/wordpress-woocommerce-product-multi-action-1-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
34. CVE-2025-49418
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allows Server Side Request Forgery. This issue affects Allmart: from n/a through 1.0.0.
References: https://patchstack.com/database/wordpress/plugin/allmart-core/vulnerability/wordpress-allmart-1-0-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
35. CVE-2025-49866
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikel Beautiful Cookie Consent Banner allows Reflected XSS. This issue affects Beautiful Cookie Consent Banner: from n/a through 4.6.1.
References: https://patchstack.com/database/wordpress/plugin/beautiful-and-responsive-cookie-consent/vulnerability/wordpress-beautiful-cookie-consent-banner-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
36. CVE-2025-49867
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.
References: https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
37. CVE-2025-49870
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions allows SQL Injection. This issue affects Paid Member Subscriptions: from n/a through 2.15.1.
References: https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-2-15-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
38. CVE-2025-4414
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a.
References: https://patchstack.com/database/wordpress/plugin/cmsmasters-content-composer/vulnerability/wordpress-cmsmasters-content-composer-2-5-7-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
39. CVE-2025-52718
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.
References: https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
40. CVE-2025-52776
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thanhtungtnt Video List Manager allows Stored XSS. This issue affects Video List Manager: from n/a through 1.7.
References: https://patchstack.com/database/wordpress/plugin/video-list-manager/vulnerability/wordpress-video-list-manager-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2025-52796
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tggfref WP-Recall allows Reflected XSS. This issue affects WP-Recall: from n/a through 16.26.14.
References: https://patchstack.com/database/wordpress/plugin/wp-recall/vulnerability/wordpress-wp-recall-16-26-14-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
42. CVE-2025-52798
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch allows Reflected XSS. This issue affects JobSearch: from n/a through 2.9.0.
References: https://patchstack.com/database/wordpress/plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-2-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
43. CVE-2025-52805
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
References: https://patchstack.com/database/wordpress/plugin/leyka/vulnerability/wordpress-leyka-3-31-9-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found
44. CVE-2025-52807
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through 1.45.
References: https://patchstack.com/database/wordpress/theme/kossy/vulnerability/wordpress-kossy-minimalist-ecommerce-wordpress-theme-1-45-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
45. CVE-2025-52813
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
References: https://patchstack.com/database/wordpress/plugin/mobiloud-mobile-app-plugin/vulnerability/wordpress-mobiloud-4-6-5-broken-access-control-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
46. CVE-2025-52828
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection. This issue affects Red Art: from n/a through 3.7.
References: https://patchstack.com/database/wordpress/theme/redart/vulnerability/wordpress-red-art-3-7-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
47. CVE-2025-52830
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
References: https://patchstack.com/database/wordpress/plugin/bsecure/vulnerability/wordpress-bsecure-your-universal-checkout-1-7-9-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
48. CVE-2025-52831
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.
References: https://patchstack.com/database/wordpress/plugin/video-list-manager/vulnerability/wordpress-video-list-manager-1-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
49. CVE-2025-52832
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through 3.4.1.
References: https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-3-4-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
50. CVE-2025-52833
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS allows SQL Injection. This issue affects LMS: from n/a through 9.1.
References: https://patchstack.com/database/wordpress/theme/lms/vulnerability/wordpress-lms-9-1-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
51. CVE-2025-49809
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
References: https://github.com/Homebrew/homebrew-core/issues/35085
https://github.com/traviscross/mtr/blob/master/SECURITY
https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
CWE-ID: CWE-829
Common Platform Enumerations (CPE): Not Found
52. CVE-2025-46733
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, specifically those which make up the Secure Storage API, will panic if a system call returns an unexpected return code. This behavior is mandated by the TEE Internal Core API specification. However, in OP-TEE’s implementation, return codes of secure storage operations are passed through unsanitized from the REE tee-supplicant, through the Linux kernel tee-driver, through the OP-TEE kernel, back to libutee. Thus, an attacker with access to REE userspace, and the ability to stop tee-supplicant and replace it with their own process (generally trivial for a root user, and depending on the way permissions are set up, potentially available even to less privileged users) can run a malicious tee-supplicant process that responds to storage requests with unexpected response codes, triggering a panic in the requesting TA. This is particularly dangerous for TAs built with `TA_FLAG_SINGLE_INSTANCE` (corresponding to `gpd.ta.singleInstance` and `TA_FLAG_INSTANCE_KEEP_ALIVE` (corresponding to `gpd.ta.keepAlive`). The behavior of these TAs may depend on memory that is preserved between sessions, and the ability of an attacker to panic the TA and reload it with a clean memory space can compromise the behavior of those TAs. A critical example of this is the optee_ftpm TA. It uses the kept alive memory to hold PCR values, which crucially must be non-resettable. An attacker who can trigger a panic in the fTPM TA can reset the PCRs, and then extend them PCRs with whatever they choose, falsifying boot measurements, accessing sealed data, and potentially more. The impact of this issue depends significantly on the behavior of affected TAs. For some, it could manifest as a denial of service, while for others, like the fTPM TA, it can result in the disclosure of sensitive data. Anyone running the fTPM TA is affected, but similar attacks may be possible on other TAs that leverage the Secure Storage API. A fix is available in commit 941a58d78c99c4754fbd4ec3079ec9e1d596af8f.
References: https://github.com/OP-TEE/optee_os/commit/941a58d78c99c4754fbd4ec3079ec9e1d596af8f
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-f35r-hm2m-p6c3
CWE-ID: CWE-755
Common Platform Enumerations (CPE): Not Found
53. CVE-2025-52496
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.8
Description: Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
References: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md
CWE-ID: CWE-733
Common Platform Enumerations (CPE): Not Found
54. CVE-2025-48952
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
References: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489
CWE-ID: CWE-697
Common Platform Enumerations (CPE): Not Found