
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Counts: Total 917, Critical 917, High 0, Medium 0. Showing 161-180 of 917 records.
Threat Entry Updated 2025-12-01

CVE-2025-13539 - Findall Membership Plugin

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findall_membership_check_facebook_user' and the 'findall_membership_check_google_user' functions. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

PLUGIN Findall Membership

CVE-2025-13539

CRITICAL CVSS 9.8 2025-11-27
Threat Entry Updated 2025-12-01

CVE-2025-13538 - Findall Listing Plugin

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if the FindAll Membership plugin is also activated, because user registration is in that plugin.

PLUGIN Findall Listing

CVE-2025-13538

CRITICAL CVSS 9.8 2025-11-27
Threat Entry Updated 2025-12-01

CVE-2025-13597 - Ai Feeds Plugin

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.

PLUGIN Ai Feeds

CVE-2025-13597

CRITICAL CVSS 9.8 2025-11-25
Threat Entry Updated 2025-12-01

CVE-2025-13595 - Cibeles Ai Plugin

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.

PLUGIN Cibeles Ai

CVE-2025-13595

CRITICAL CVSS 9.8 2025-11-25
Threat Entry Updated 2025-11-25

CVE-2025-13559 - Edukart Pro Plugin

The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

PLUGIN Edukart Pro

CVE-2025-13559

CRITICAL CVSS 9.8 2025-11-25
Threat Entry Updated 2025-11-25

CVE-2025-6389 - Sneeit Framework Plugin

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

PLUGIN Sneeit Framework

CVE-2025-6389

CRITICAL CVSS 9.8 2025-11-25
Threat Entry Updated 2025-11-21

CVE-2025-11127 - Mstoreapp Mobile App Plugin

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.

PLUGIN Mstoreapp Mobile App

CVE-2025-11127

CRITICAL CVSS 9.8 2025-11-21
Threat Entry Updated 2025-11-26

CVE-2025-11456 - Wsdesk Plugin

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Wsdesk

CVE-2025-11456

CRITICAL CVSS 9.8 2025-11-21
Threat Entry Updated 2026-01-09

CVE-2025-12057 - WavePlayer Plugin

The WavePlayer WordPress plugin before 3.8.0 lacks an authorization check in an AJAX action and does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary files on the server, leading to RCE.

PLUGIN WavePlayer

CVE-2025-12057

CRITICAL CVSS 9.8 2025-11-19
Threat Entry Updated 2025-11-18

CVE-2025-9501 - W3 Total Cache Plugin

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

PLUGIN W3 Total Cache

CVE-2025-9501

CRITICAL CVSS 9.0 2025-11-17
Threat Entry Updated 2025-11-12

CVE-2025-12539 - Web Performance Plugin

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.

PLUGIN Web Performance

CVE-2025-12539

CRITICAL CVSS 10.0 2025-11-11
Threat Entry Updated 2025-11-12

CVE-2025-12813 - Holiday Class Post Calendar Plugin

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated attackers to execute code on the server.

PLUGIN Holiday Class Post Calendar

CVE-2025-12813

CRITICAL CVSS 9.8 2025-11-11
Threat Entry Updated 2025-11-12

CVE-2025-11457 - Easycommerce Plugin

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.

PLUGIN Easycommerce

CVE-2025-11457

CRITICAL CVSS 9.8 2025-11-11
Threat Entry Updated 2025-11-12

CVE-2025-11170 - Cpi Wp Migration Plugin

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Cpi Wp Migration

CVE-2025-11170

CRITICAL CVSS 9.8 2025-11-11
Threat Entry Updated 2025-11-12

CVE-2025-12352 - Gravity Forms Plugin

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On` and the post creation form enabled with a file upload field for the post.

PLUGIN Gravity Forms

CVE-2025-12352

CRITICAL CVSS 9.8 2025-11-07
Threat Entry Updated 2026-01-20

CVE-2025-48089 - WordPress Core

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0.

CORE WordPress Core

CVE-2025-48089

CRITICAL CVSS 9.8 2025-11-06
Threat Entry Updated 2025-11-06

CVE-2025-12674 - Kiotvietsync Plugin

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Kiotvietsync

CVE-2025-12674

CRITICAL CVSS 9.8 2025-11-05
Threat Entry Updated 2025-11-06

CVE-2025-11749 - Ai Engine Plugin

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation.

PLUGIN Ai Engine

CVE-2025-11749

CRITICAL CVSS 9.8 2025-11-05
Threat Entry Updated 2025-11-04

CVE-2025-12682 - Easy Upload Files During Checkout Plugin

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.

PLUGIN Easy Upload Files During Checkout

CVE-2025-12682

CRITICAL CVSS 9.8 2025-11-04
Threat Entry Updated 2025-11-26

CVE-2025-12493 - Shoplentor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded…

PLUGIN Shoplentor

CVE-2025-12493

CRITICAL CVSS 9.8 2025-11-04