VulDB Recent Entries

A vulnerability was found in Colibri Page Builder Plugin up to 1.0.335 on WordPress and classified as problematic. Affected by this vulnerability is the function colibri_loop. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-11376. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Emplibot Plugin up to 1.0.9 on WordPress and classified as critical. Affected is the function emplibot_call_webhook_with_error. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-11970. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in YITH WooCommerce Quick View Plugin up to 2.7.0 on WordPress. This impacts the function yith_quick_view of the component Shortcode Handler. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-8617. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in URL Shortener Plugin Plugin up to 3.0.7 on WordPress. This affects an unknown function. Performing manipulation of the argument analytic_id results in sql injection. This vulnerability is reported as CVE-2025-10738. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in myCred Plugin up to 2.9.7 on WordPress. The impacted element is the function cashcred_pay_now. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-12362. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in Devs CRM Plugin up to 1.1.8 on WordPress. The affected element is an unknown function of the file /wp-json/devs-crm/v1/bulk-update of the component API Endpoint. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-13093. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as problematic, has been found in SolarEdge Monitoring platform. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-36746. Remote exploitation of the attack is possible. No exploit is available. This product is a managed service. This means that users cannot maintain vulnerability countermeasures themselves.

A vulnerability classified as critical was found in SolarEdge SE3680H up to 4.21. This impacts an unknown function of the component Debug Interface. Such manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-36743. The attack can be executed directly on the physical device. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in SolarEdge SE3680H up to 4.21. This affects an unknown function. This manipulation causes debug messages revealing unnecessary information. This vulnerability appears as CVE-2025-36744. It is feasible to perform the attack on the physical device. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in SolarEdge SE3680H up to 4.21. The impacted element is an unknown function of the component Linux Kernel. The manipulation results in use of unmaintained third party components. This vulnerability is reported as CVE-2025-36745. An attack on the physical device is feasible. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Apache StreamPark up to 2.1.6. The affected element is an unknown function. The manipulation leads to risky cryptographic algorithm. This vulnerability is documented as CVE-2025-54981. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Apache StreamPark up to 2.1.6. Impacted is an unknown function. Executing manipulation can lead to use of hard-coded cryptographic key . This vulnerability is registered as CVE-2025-54947. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in HAPPY Plugin up to 1.0.9 on WordPress. This issue affects the function submit_form_reply of the component Support Ticket Handler. Performing manipulation of the argument happy_topic_id results in missing authorization. This vulnerability is cataloged as CVE-2025-14581. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in Custom Post Type UI Plugin up to 1.18.1 on WordPress. This vulnerability affects unknown code of the component Import Handler. Such manipulation of the argument label leads to cross site scripting. This vulnerability is listed as CVE-2025-14056. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in GenerateBlocks Plugin up to 2.1.2 on WordPress. It has been rated as problematic. This affects the function get_user_meta_rest of the file generateblocks/v1/meta/. This manipulation of the argument names/email/phone/address causes information disclosure. This vulnerability is tracked as CVE-2025-12512. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Employee Spotlight Plugin up to 5.1.3 on WordPress. It has been declared as problematic. Affected by this issue is the function employee_spotlight_check_optin. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-13403. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Ays Image Slider Plugin up to 2.7.0 on WordPress. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-14454. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Solution Plugin up to 3.1.0 on WordPress and classified as critical. Affected is an unknown function. Executing manipulation of the argument filterText can lead to sql injection. The identification of this vulnerability is CVE-2025-14477. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in HT Plugins HT Slider for Elementor Plugin up to 1.7.4 on WordPress and classified as problematic. This impacts an unknown function. Performing manipulation of the argument slide_title results in cross site scripting. This vulnerability was named CVE-2025-14278. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in Design Import Export Plugin up to 2.2 on WordPress. This affects an unknown function of the component XML File Import. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-14050. The attack can be launched remotely. No exploit exists.