In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between October 25-26, 2025.
During this period, the National Vulnerability Database published 39 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 0
High: 7
Medium: 23
Low: 2
Severity Not Assigned: 7
Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-11238
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/changeset/3373855/watu
https://www.wordfence.com/threat-intel/vulnerabilities/id/168e7eac-21ad-43ca-93d1-73c38e12bc29?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-12095
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-role-admin.php file. This makes it possible for unauthenticated attackers to approve pending role requests and escalate user privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
References: https://plugins.trac.wordpress.org/browser/woocommerce-simple-registration/tags/1.5.8/includes/display-role-admin.php#L132
https://plugins.trac.wordpress.org/changeset/3383124
https://www.wordfence.com/threat-intel/vulnerabilities/id/9c32fcaf-afc3-4493-8cd8-6f49bbe40c7b?source=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-10488
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and including, 8.4.8. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/directorist/tags/8.4.5/includes/classes/class-add-listing.php#L634
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3377181%40directorist&new=3377181%40directorist&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2249ef72-9955-4636-b32f-e88720923268?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-11893
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation of the vulnerability requires a paid donation.
References: https://plugins.trac.wordpress.org/browser/charitable/trunk/includes/abstracts/abstract-class-charitable-query.php#L194
https://plugins.trac.wordpress.org/changeset/3382719/charitable/trunk/includes/abstracts/abstract-class-charitable-query.php?contextall=1
https://www.wordfence.com/threat-intel/vulnerabilities/id/46b7820c-f36d-4c7d-b326-07259786fc6a?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-4203
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The wpForo Forum plugin for WordPress is vulnerable to error-based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function blindly interpolates 'row_count' into a 'LIMIT offset,row_count' clause using esc_sql() rather than enforcing numeric values. MySQL 5.x's grammar allows a 'PROCEDURE ANALYSE' clause immediately after a LIMIT clause. Unauthenticated attackers controlling 'row_count' can append a stored-procedure call, enabling error-based or time-based blind SQL injection that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.5/classes/Members.php#L1557
https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.9/classes/Members.php#L1557
https://wordpress.org/plugins/wpforo/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc406e8a-c4eb-45c3-a53c-37644e0dabfa?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-8416
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/woo-product-filter/tags/2.8.6/modules/woofilters/controller.php#L136
https://plugins.trac.wordpress.org/browser/woo-product-filter/tags/2.8.6/modules/woofilters/mod.php#L2056
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3370655%40woo-product-filter&new=3370655%40woo-product-filter&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1533e9a-dcb9-4fbb-a1a7-7f4dafd3a1c8?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-9322
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3378785%40wp-full-stripe-free&new=3378785%40wp-full-stripe-free&sfp_email=&sfph_mail=#file6
https://www.wordfence.com/threat-intel/vulnerabilities/id/886b612a-d0d1-4880-b423-eb62410a28cd?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found