Vuldb Updates

A vulnerability, which was classified as problematic, has been found in Booking X Plugin up to 1.1.2 on WordPress. Affected by this issue is the function export_now of the component HTTP POST Request Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-6814. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in GoZen Forms Plugin up to 1.1.5 on WordPress and classified as critical. This vulnerability affects the function emdedSc. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-6783. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in GoZen Forms Plugin up to 1.1.5 on WordPress and classified as critical. This issue affects the function dirGZActiveForm. The manipulation of the argument forms-id leads to sql injection. The identification of this vulnerability is CVE-2025-6782. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Smart Docs Plugin up to 1.1.0 on WordPress. This affects the function smartdocs_search of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6787. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Portfolio for Elementor & Image Gallery Plugin up to 3.2.0/3.2.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-7046. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The identification of this vulnerability is CVE-2025-7053. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional. A patch and new release was made available very quickly.

A vulnerability classified as critical was found in WP Human Resource Management Plugin up to 2.2.17 on WordPress. Affected by this vulnerability is the function ajax_insert_employee of the component AJAX Handler. The manipulation of the argument role leads to missing authorization. This vulnerability is known as CVE-2025-5953. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WP Firebase Push Notification Plugin up to 1.2.0 on WordPress. This issue affects the function wfpn_brodcast_notification_message. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-5924. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in ProcessingJS Plugin up to 1.2.2 on WordPress. Affected is the function pjs4wp. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-6039. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WP Shortcodes Plugin Plugin up to 7.4.0 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument data-url leads to cross site scripting. This vulnerability is traded as CVE-2025-5567. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in e4jvikwp VikRentCar Car Rental Management System Plugin up to 1.4.3 on WordPress. This affects the function do_updatecar. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-5322. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in MintyDocs Extension up to 1.39.x/1.42.x/1.43.1 on Mediawiki. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-53493. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in MintyDocs Extension up to 1.39.x/1.42.x/1.43.1 on Mediawiki. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-53492. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component SMB Client. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-33073. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Brother Industries/FUJIFILM Business Innovation/RICOH/Toshiba Tec Printer and classified as problematic. Affected by this issue is some unknown functionality of the file /etc/mnt_info.csv of the component HTTP Service/IPP Service. The manipulation leads to file and directory information exposure. This vulnerability is handled as CVE-2024-51977. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-0769. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component. Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

A vulnerability was found in ABB RMC-100 and RMC-100 LITE. It has been rated as critical. Affected by this issue is some unknown functionality of the component REST Interface. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-6072. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in ABB RMC-100 and RMC-100 LITE. This affects an unknown part of the component REST Interface. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6073. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in ABB RMC-100 and RMC-100 LITE. This issue affects some unknown processing of the component MQTT Handler. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2025-6071. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Bolt CMS up to 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /async/browse/cache/.sessions. The manipulation of the argument displayname leads to code injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-34086. The attack can be initiated remotely. There is no exploit available.