  • Cybersecurity Vulnerabilities

    CVE-2025-10039: ELEX HelpDesk Plugin Exposes Support Tickets to Unauthorized Access

    Overview: CVE-2025-10039 is a medium-severity security vulnerability affecting the ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress. This vulnerability allows authenticated attackers with Subscriber-level access (and higher roles) to read the contents of all support tickets within the system. This is achieved through an Insecure Direct Object Reference (IDOR) in the ‘eh_crm_ticket_single_view_client’ function, due to a lack of proper validation on a user-controlled key. The vulnerability was published on 2025-11-21 and impacts versions up to and including 3.2.9 of the plugin.

    Technical Details: The root cause of this vulnerability lies in the eh_crm_ticket_single_view_client function within the plugin’s codebase.…

  • Cybersecurity Vulnerabilities

    CVE-2025-40211: Critical Use-After-Free Vulnerability Patched in Linux Kernel ACPI Video Driver

    Overview: CVE-2025-40211 describes a use-after-free vulnerability in the ACPI video driver of the Linux kernel. This flaw, if exploited, could lead to system instability, crashes, or potentially arbitrary code execution. The vulnerability stems from the improper handling of brightness switching work queues during device removal. A fix has been implemented to address this issue, and users are strongly advised to update their kernels.

    Technical Details: The vulnerability lies within the acpi_video_switch_brightness() function, which is triggered by a delayed work queue (switch_brightness_work). When a video device is unregistered (acpi_video_dev_unregister_backlight()), the device->brightness and device->backlight structures are freed. However, if the delayed work…

  • Cybersecurity Vulnerabilities

    CVE-2025-40210: Critical Vulnerability in Linux Kernel’s NFSv4 COMPOUND Handling

    Overview: CVE-2025-40210 describes a vulnerability in the Linux kernel’s NFSv4 (Network File System version 4) implementation. Specifically, it relates to the handling of NFSv4 COMPOUND operations. The vulnerability arises from the removal of a previous limit on the number of operations allowed within a single NFSv4 COMPOUND request. This allows an attacker to craft a malicious NFSv4 request with an excessively large operation count, leading to potential denial-of-service conditions or other unexpected behavior.

    Technical Details: The vulnerability was introduced when a patch aimed at improving NFSv4 performance by removing the cap on the number of operations per NFSv4 COMPOUND request…

  • Cybersecurity Vulnerabilities

    CVE-2025-40209: Btrfs Memory Leak Unveiled – A Deep Dive and Mitigation

    Overview: CVE-2025-40209 identifies a memory leak vulnerability within the Btrfs file system implementation in the Linux kernel. Specifically, the issue resides in the btrfs_add_qgroup_relation function. Incorrect handling of error conditions, particularly invalid qgroup levels (src >= dst), leads to a failure to free pre-allocated memory, potentially allowing an unprivileged user to exhaust kernel memory with repeated triggering of the vulnerability.

    Technical Details: The vulnerability stems from an early return in btrfs_add_qgroup_relation when invalid qgroup levels are detected (source level is greater than or equal to destination level). Prior to acquiring the necessary mutex or entering any error handling path that…

  • Cybersecurity Vulnerabilities

    Critical SQL Injection Vulnerability Plagues WP Directory Kit Plugin (CVE-2025-13138)

    Overview: A critical SQL Injection vulnerability, identified as CVE-2025-13138, has been discovered in the WP Directory Kit plugin for WordPress. This vulnerability affects all versions up to and including 1.4.3. Unauthenticated attackers can exploit this flaw to inject malicious SQL queries, potentially leading to sensitive data extraction from the database.

    Technical Details: The vulnerability lies within the select_2_ajax() function in the Wdk_frontendajax.php file. Specifically, the columns_search parameter is not properly sanitized before being used in an SQL query. The lack of sufficient escaping on user-supplied input and inadequate preparation of the SQL query allows attackers to inject arbitrary SQL code.…

  • Cybersecurity Vulnerabilities

    Urgent Security Alert: Stored XSS in Magical Products Display Plugin for WordPress (CVE-2025-12964)

    Overview: A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the Magical Products Display plugin for WordPress, identified as CVE-2025-12964. This vulnerability affects all versions up to and including 1.1.29. Authenticated attackers with Contributor-level access or higher can exploit this flaw to inject malicious scripts into website pages. These scripts will then execute whenever a user accesses the compromised page.

    Technical Details: The vulnerability resides within the MPD Pricing Table widget of the plugin. Specifically, the ‘mpdpr_title_tag’ and ‘mpdpr_subtitle_tag’ parameters are vulnerable. The plugin fails to properly sanitize and escape user-supplied input for HTML tag names used in the…

  • Cybersecurity Vulnerabilities

    Urgent: SQL Injection Vulnerability Found in Groundhogg WordPress Plugin (CVE-2025-12750)

    Overview: A critical SQL Injection vulnerability has been identified in the Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress. Designated as CVE-2025-12750, this flaw affects all versions up to, and including, 4.2.6.1. Exploitation of this vulnerability could allow authenticated attackers with Administrator-level access or higher to extract sensitive information from your WordPress database. Immediate action is required to mitigate this risk.

    Technical Details: The vulnerability stems from insufficient escaping of the ‘term’ parameter and inadequate preparation in the existing SQL query. Specifically, the issue resides within the plugin’s codebase where user-supplied input is not properly sanitized before being…

  • Cybersecurity Vulnerabilities

    Critical Security Alert: CVE-2025-12160 – Stored XSS in Simple User Registration WordPress Plugin

    Overview: A high-severity Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Simple User Registration plugin for WordPress, tracked as CVE-2025-12160. This vulnerability affects all versions up to, and including, 6.6 of the plugin. Due to insufficient input sanitization and output escaping of the ‘wpr_admin_msg’ parameter, unauthenticated attackers can inject malicious JavaScript code into the WordPress database. This code will then execute whenever a user accesses a page where the ‘wpr_admin_msg’ is displayed, potentially leading to account compromise, data theft, or other malicious activities.

    Technical Details: The vulnerability lies in the lack of proper input sanitization and output escaping…

  • Cybersecurity Vulnerabilities

    Critical Security Alert: XSS Vulnerability Found in WP Delete Post Copies Plugin (CVE-2025-12066)

    Overview: A stored Cross-Site Scripting (XSS) vulnerability has been identified in the WP Delete Post Copies plugin for WordPress, tracked as CVE-2025-12066. This vulnerability affects versions up to and including 6.0.2. Successful exploitation could allow attackers with administrator-level permissions to inject malicious JavaScript code into the WordPress site, potentially compromising user accounts and data.

    Technical Details: The vulnerability exists due to insufficient input sanitization and output escaping of admin settings within the plugin. Specifically, authenticated attackers with administrator privileges (or higher) can inject arbitrary web scripts through the plugin’s settings. When a user accesses a page containing the injected script,…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Vitepos WooCommerce Plugin: CVE-2025-13156 Allows Remote Code Execution

    Overview: A high-severity vulnerability, identified as CVE-2025-13156, has been discovered in the Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress. This vulnerability affects all versions up to and including 3.3.0. It allows authenticated attackers with subscriber-level access (or higher) to upload arbitrary files to the affected site’s server, potentially leading to remote code execution.

    Technical Details: The vulnerability stems from missing file type validation within the insert_media_attachment() function. Specifically, the save_update_category_img() function accepts user-supplied file types without proper validation when processing category images. This lack of validation allows an attacker to upload malicious files, such as PHP…