Aggregator

In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023

A vulnerability was found in Exim up to 4.98.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-30232. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Driving Directions Plugin up to 1.4.4 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-28903. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Omnify Plugin up to 2.0.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-28882. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Fiverr Official Search Box Plugin up to 1.0.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-28885. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in gravity2pdf Gravity 2 PDF Plugin up to 3.1.3 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-28911. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Lightview Plus Plugin up to 3.1.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-28890. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Blue Captcha Plugin up to 1.7.4 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-28880. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP Event Ticketing Plugin up to 1.3.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-28899. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Key4ce osTicket Bridge Plugin up to 1.4.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-28877. The attack may be initiated remotely. There is no exploit available.

Dark Storm Team Targeted the Website of Glassdoor

A vulnerability was found in NextGEN Gallery Voting Plugin up to 2.7.6 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-28869. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Custom Product Stickers for Woocommerce Plugin up to 1.9.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-28889. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in origincode Product Catalog Plugin up to 1.0.4 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-30524. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in WP Multistore Locator Plugin up to 2.5.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-28898. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Shuffle Plugin up to 0.5 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-28873. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Visual Text Editor Plugin up to 1.2.1 on WordPress. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-28893. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in CrushFTP up to 10.8.3/11.3.0. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-2825. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Trust Payments Gateway for WooCommerce Plugin up to 1.1.4 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-28942. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Build Plugin up to 1.0.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26869. The attack may be launched remotely. There is no exploit available.