• Cybersecurity Vulnerabilities

    Critical Alert: SiteSEO WordPress Plugin Vulnerable to Unauthorized Settings Reset (CVE-2025-12814)

    Overview

    CVE-2025-12814 is a medium-severity vulnerability affecting the SiteSEO – SEO Simplified plugin for WordPress. Specifically, it allows authenticated attackers with limited permissions (access to at least one SiteSEO setting capability) to reset the plugin’s settings to their default configuration. This is due to an insufficient capability check in the siteseo_reset_settings function. This vulnerability impacts all versions of the SiteSEO plugin up to, and including, version 1.3.2.

    Technical Details

    The vulnerability resides in the ajax.php file within the SiteSEO plugin. The siteseo_reset_settings function, intended to reset the plugin’s configuration, lacks proper authorization checks. Specifically, it doesn’t verify if the…

  • Cybersecurity Vulnerabilities

    CVE-2025-12751: WSChat Plugin Vulnerability Allows Unauthorized Settings Reset

    Overview

    CVE-2025-12751 is a medium-severity vulnerability affecting the WSChat – WordPress Live Chat plugin for WordPress. This vulnerability allows authenticated attackers, including those with Subscriber-level access or higher, to reset the plugin’s settings without the necessary permissions. The vulnerability exists in versions up to and including 3.1.6 of the plugin.

    Technical Details

    The vulnerability stems from a missing capability check on the reset_settings AJAX endpoint within the WSChat plugin. Specifically, the code lacks proper validation to ensure that the user initiating the reset has the appropriate authorization to do so. As a result, any authenticated user, even with minimal privileges…

  • Cybersecurity Vulnerabilities

    🚨 Critical Update: Stored XSS Vulnerability Found in Petfinder WordPress Plugin (CVE-2025-12710) 🚨

    Overview

    A stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-12710, has been discovered in the Pet-Manager – Petfinder plugin for WordPress. This vulnerability affects all versions up to and including 3.6.1. Authenticated attackers with Contributor-level access or higher can exploit this flaw to inject malicious JavaScript code into pages. This code will then execute whenever other users access those compromised pages.

    Technical Details

    The vulnerability stems from insufficient input sanitization and output escaping within the kwm-petfinder shortcode. User-supplied attributes to this shortcode are not properly validated, allowing attackers to inject arbitrary web scripts. The vulnerable code is specifically located within…

  • Cybersecurity Vulnerabilities

    Urgent: Patch Now! Critical SQL Injection Flaw in Community Events Plugin (CVE-2025-12646)

    Overview

    A critical SQL Injection vulnerability, identified as CVE-2025-12646, has been discovered in the Community Events plugin for WordPress. This flaw affects all versions up to and including 1.5.4. Unauthenticated attackers can exploit this vulnerability to inject malicious SQL code, potentially leading to sensitive data extraction from the WordPress database.

    Technical Details

    The vulnerability stems from insufficient escaping of the 'dayofyear' parameter. User-supplied input for this parameter is not properly sanitized, and the existing SQL query lacks sufficient preparation. This allows attackers to append arbitrary SQL queries to the original query. By crafting malicious input for the dayofyear parameter, an…

  • Cybersecurity Vulnerabilities

    CVE-2025-12359: Unveiling the SSRF Vulnerability in Responsive Lightbox & Gallery Plugin

    Overview

    CVE-2025-12359 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Responsive Lightbox & Gallery plugin for WordPress, specifically versions up to and including 2.5.3. This flaw allows authenticated attackers with Author-level access or higher to force the WordPress server to make requests to arbitrary internal or external locations. Due to insufficient validation of user-supplied URLs used to determine image dimensions, attackers can exploit the ‘get_image_size_by_url’ function. This can lead to information disclosure and potential modification of internal resources.

    Technical Details

    The vulnerability resides in how the ‘get_image_size_by_url’ function (used by the plugin when processing image URLs for gallery items)…

  • Cybersecurity Vulnerabilities

    CVE-2025-12174: Directorist Plugin Exposes Data to Subscriber-Level Users

    Overview

    CVE-2025-12174 identifies a medium-severity vulnerability in the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress. Specifically, versions up to and including 8.5.2 are affected by a missing capability check on two AJAX actions: directorist_prepare_listings_export_file and directorist_type_slug_change. This flaw allows authenticated attackers with Subscriber-level access (or higher) to export listing details and modify the Directorist slug, leading to potential data exposure and site manipulation.

    Technical Details

    The vulnerability stems from the lack of proper authorization checks within the AJAX handler functions associated with the directorist_prepare_listings_export_file and directorist_type_slug_change actions. WordPress plugins should verify that the user initiating an…

  • Cybersecurity Vulnerabilities

    Urgent: Critical Unauthenticated File Upload Vulnerability in WavePlayer WordPress Plugin (CVE-2025-12057)

    Overview

    CVE-2025-12057 identifies a critical security vulnerability affecting versions of the WavePlayer WordPress plugin prior to 3.8.0. This vulnerability allows unauthenticated users to upload arbitrary files to the server, potentially leading to Remote Code Execution (RCE). The issue stems from a lack of authorization checks in an AJAX action and insufficient validation of the file being copied locally.

    Technical Details

    The WavePlayer plugin, before version 3.8.0, fails to properly implement authorization controls for a specific AJAX action. This means that an attacker can trigger this AJAX action without needing to authenticate as a WordPress user (e.g., administrator, editor, etc.). Furthermore,…

  • Cybersecurity Vulnerabilities

    CVE-2025-12426: Quiz Maker Plugin Exposes Quiz Answers to Unauthenticated Users

    Overview

    CVE-2025-12426 is a medium-severity vulnerability affecting the Quiz Maker plugin for WordPress, versions up to and including 6.7.0.80. This vulnerability allows unauthenticated attackers to retrieve sensitive information, specifically quiz answers, without proper authorization. The flaw stems from the exposure of quiz answers through the `ays_quiz_check_answer` AJAX action without adequate security checks.

    Technical Details

    The vulnerability resides in the plugin’s handling of AJAX requests for checking quiz answers. The `ays_quiz_check_answer` AJAX action is protected by a nonce, which is intended to prevent Cross-Site Request Forgery (CSRF) attacks. However, this nonce is publicly available to all website visitors through the…

  • Cybersecurity Vulnerabilities

    CVE-2025-12349: Critical Authorization Flaw in Icegram Express WordPress Plugin Exposes Sites to Abuse

    Overview

    CVE-2025-12349 describes an authorization vulnerability affecting the Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress. Specifically, versions up to and including 5.9.10 are susceptible. This flaw allows unauthenticated attackers to trigger immediate email sending, bypassing scheduled delivery and potentially overwhelming the server with a flood of emails, leading to Denial of Service (DoS) conditions.

    Technical Details

    The vulnerability resides in the trigger_mailing_queue_sending function within the plugin. The core issue is the lack of proper authorization checks before executing this function. This means an attacker can directly call this function without needing to authenticate as a…

  • Cybersecurity Vulnerabilities

    CVE-2025-6251: Royal Elementor Addons – Stored XSS Threatens WordPress Sites

    Overview

    CVE-2025-6251 details a stored Cross-Site Scripting (XSS) vulnerability discovered in the Royal Elementor Addons and Templates plugin for WordPress. This vulnerability affects all versions up to and including 1.7.1036. An attacker with Contributor-level access or higher can inject malicious JavaScript code into pages. This code will then execute whenever a user visits the infected page, potentially leading to account compromise, data theft, or other malicious activities.

    Technical Details

    The vulnerability lies within the $item['field_id'] parameter used by the plugin. Due to insufficient input sanitization and output escaping, an authenticated attacker can inject arbitrary web scripts into form builder components.…