Common Vulnerabilities and Exposures (CVE)

CVE-2025-20768

Dec 3, 2025 04:55:28 UTC

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitati...

CVE-2025-20769

Dec 3, 2025 04:55:27 UTC

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitat...

CVE-2025-20770

Dec 3, 2025 04:55:24 UTC

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch...

CVE-2025-20771

Dec 3, 2025 04:55:23 UTC

In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for ex...

CVE-2025-20772

Dec 3, 2025 04:55:22 UTC

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch...

CVE-2025-20773

Dec 3, 2025 04:55:21 UTC

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch...

CVE-2025-20774

Dec 3, 2025 04:55:20 UTC

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitat...

CVE-2025-20775

Dec 3, 2025 04:55:17 UTC

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch...

CVE-2025-20776

Dec 3, 2025 04:55:16 UTC

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitati...

CVE-2025-20777

Dec 3, 2025 04:55:15 UTC

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitat...

CVE-2025-10304

Dec 3, 2025 03:27:15 UTC

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and ...

CVE-2025-12585

Dec 3, 2025 03:27:14 UTC

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract ses...

CVE-2025-13495

Dec 3, 2025 03:27:13 UTC

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...

CVE-2025-13646

Dec 3, 2025 02:25:30 UTC

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, wi...

CVE-2025-13448

Dec 3, 2025 02:25:29 UTC

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This m...