Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2025-54710

WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability_CVE-2025-54710

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tik...

bPlugins Tiktok Feed n/a CVE
HIGH 7.1 CVE-2025-54714

WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability_CVE-2025-54714

Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. ...

Dylan James Zephyr Project Manager n/a CVE
HIGH 8.1 CVE-2025-54716

WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability_CVE-2025-54716

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP ...

ovatheme Ireca n/a CVE
HIGH 7.1 CVE-2025-54724

WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability_CVE-2025-54724

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue a...

uxper Golo n/a CVE
HIGH 8.1 CVE-2025-54731

WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability_CVE-2025-54731

Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affe...

emarket-design YouTube Showcase n/a CVE
HIGH 8.8 CVE-2025-54742

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability_CVE-2025-54742

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through...

magepeopleteam WpEvently n/a CVE
HIGH 8.7 CVE-2025-46409

CVE-2025-46409_CVE-2025-46409

Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploite...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) CVE
HIGH 7.3 CVE-2025-53396

CVE-2025-53396_CVE-2025-53396

Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may ...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only) CVE
HIGH 7.1 CVE-2025-54819

CVE-2025-54819_CVE-2025-54819

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) CVE
HIGH 8.7 CVE-2025-58072

CVE-2025-58072_CVE-2025-58072

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a...

DOS Co., Ltd. SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only) CVE