Security advisories

  • CVE-2025-5083 (5.5) / Wordfence - Amministrazione Trasparente <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via print_r Function
  • CVE-2025-5082 (6.1) / Wordfence - WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter
  • CVE-2025-4857 (7.2) / Wordfence - Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion
  • CVE-2025-4208 (6.3) / Wordfence - NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function
  • CVE-2025-3468 (6.4) / Wordfence - NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
  • CVE-2025-2009 (7.2) / Wordfence - Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting
  • CVE-2025-1507 (5.3) / Wordfence - ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation
  • CVE-2024-6336 (6.9) - GitHub Enterprise Server - Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure
  • CVE-2023-39364 (3.5) / GHSA-4pjv-rmrp-r59x - Cacti 1.2.24 - Open redirect in change password functionality
  • CVE-2023-39362 (7.2) / GHSA-g6ff-58cj-x3cp - Cacti 1.2.24 - Authenticated command injection when using SNMP options

Exploits

  • [Python] - CVE-2024-10924 - Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
  • [Python] - CVE-2024-9926 - Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access
  • [text] - CVE-2023-39362 - Cacti 1.2.24 - Authenticated command injection when using SNMP options
  • [Python] - CVE-2022-2884 - GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
  • [Java] - CVE-2017-8046 - Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
  • [Java] - CVE-2017-5638 - Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution