VulDB Recent Entries

A vulnerability, which was classified as problematic, has been found in WC Builder Plugin up to 1.2.0 on WordPress. The affected element is the function wpbforwpbakery_product_additional_information. Performing manipulation of the argument heading_color results in cross site scripting. This vulnerability is known as CVE-2025-14054. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as problematic was found in Product Table for WooCommerce Plugin up to 5.0.8 on WordPress. Impacted is an unknown function. Such manipulation of the argument search_key leads to cross site scripting. This vulnerability is traded as CVE-2025-12398. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Post Grid Gutenberg Blocks for News, Magazines, Blog Websites Plugin up to 5.0.3 on WordPress. This issue affects the function get_dynamic_content of the file /ultp/v2/get_dynamic_content/ of the component REST API Endpoint. This manipulation causes missing authorization. This vulnerability appears as CVE-2025-12980. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Migration, Backup, Staging Plugin up to 0.9.120 on WordPress. This vulnerability affects the function check_filesystem_permissions of the component Directory Creation Handler. The manipulation results in file inclusion. This vulnerability is reported as CVE-2025-12654. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Tainacan Plugin up to 1.0.1 on WordPress. This affects the function create_item_permissions_check. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-14043. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Frontend Post Submission Manager Lite Plugin up to 1.2.5 on WordPress. Affected by this issue is the function fpsml_form_process. Executing manipulation of the argument post_id can lead to missing authorization. This vulnerability is registered as CVE-2025-14080. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as critical has been detected in Live Composer Plugin up to 2.0.2 on WordPress. Affected by this vulnerability is the function dslc_module_posts_output of the component Shortcode Handler. Performing manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-14071. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-14995. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). It has been rated as critical. This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. This vulnerability is tracked as CVE-2025-14994. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-14993. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2025-14992. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as problematic. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing manipulation of the argument fromdate can lead to cross site scripting. The identification of this vulnerability is CVE-2025-14991. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. This vulnerability was named CVE-2025-14990. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-14989. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as problematic, has been found in WP JobHunt Plugin up to 7.7 on WordPress. This vulnerability affects the function cs_update_application_status_callback. This manipulation of the argument Status causes cross site scripting. This vulnerability is handled as CVE-2025-7782. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in WP JobHunt Plugin up to 7.7 on WordPress. This affects the function cs_update_application_status_callback. The manipulation results in improper control of resource identifiers. This vulnerability is known as CVE-2025-7733. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in Pure WC Variation Swatches Plugin up to 1.1.7 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-12820. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in TP-Link Tapo C200 V3. Affected by this vulnerability is an unknown functionality of the component ONVIF XML Parser. Executing manipulation can lead to buffer overflow. This vulnerability appears as CVE-2025-8065. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability marked as critical has been reported in TP-Link Tapo C200 V3. Affected is an unknown function of the component connectAP interface. Performing manipulation results in missing authentication. This vulnerability is reported as CVE-2025-14300. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability labeled as critical has been found in TP-Link Tapo C200 V3. This impacts an unknown function of the component HTTP Header Handler. Such manipulation of the argument Content-Length leads to allocation of resources. This vulnerability is documented as CVE-2025-14299. The attack requires being on the local network. There is not any exploit available.