Refine your search
7 vulnerabilities found for by themeisle
CVE-2025-12045 (GCVE-0-2025-12045)
Vulnerability from cvelistv5
Published
2025-11-04 11:19
Modified
2025-11-04 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More |
Version: * ≤ 3.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T18:53:18.230614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T18:53:30.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts \u0026 More",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "3.0.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts \u0026 More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag \u0027name\u0027 parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T11:19:27.966Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/139a264b-082b-45db-ac9e-4974bf86c56f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/posts-grid.php#L1912"
},
{
"url": "https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/obfx_modules/elementor-extra-widgets/widgets/elementor/posts-grid.php#L1878"
},
{
"url": "https://research.cleantalk.org/cve-2025-12045/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3388856/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T19:56:59.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-03T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Orbit Fox Companion \u003c= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12045",
"datePublished": "2025-11-04T11:19:27.966Z",
"dateReserved": "2025-10-21T19:37:36.665Z",
"dateUpdated": "2025-11-04T18:53:30.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10145 (GCVE-0-2025-10145)
Vulnerability from cvelistv5
Published
2025-10-28 05:27
Modified
2025-10-28 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | Auto Featured Image (Auto Post Thumbnail) |
Version: * ≤ 4.1.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T20:03:52.985743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T20:04:08.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Auto Featured Image (Auto Post Thumbnail)",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "4.1.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T05:27:29.647Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93acfae6-470b-4637-b76b-e1162b80253f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auto-post-thumbnail/tags/4.1.7/includes/class-apt.php#L821"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-25T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-10-17T15:19:45.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-27T16:26:51.000+00:00",
"value": "Disclosed"
}
],
"title": "Auto Featured Image (Auto Post Thumbnail) \u003c= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10145",
"datePublished": "2025-10-28T05:27:29.647Z",
"dateReserved": "2025-09-08T21:57:57.014Z",
"dateUpdated": "2025-10-28T20:04:08.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9322 (GCVE-0-2025-9322)
Vulnerability from cvelistv5
Published
2025-10-25 06:49
Modified
2025-10-27 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions |
Version: * ≤ 8.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:44:15.155761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:44:23.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Stripe Payment Forms by WP Full Pay \u2013 Accept Credit Card Payments, Donations \u0026 Subscriptions",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "8.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Stripe Payment Forms by WP Full Pay \u2013 Accept Credit Card Payments, Donations \u0026 Subscriptions plugin for WordPress is vulnerable to SQL Injection via the \u0027wpfs-form-name\u0027 parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T06:49:23.256Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/886b612a-d0d1-4880-b423-eb62410a28cd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3378785%40wp-full-stripe-free\u0026new=3378785%40wp-full-stripe-free\u0026sfp_email=\u0026sfph_mail=#file6"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T20:26:17.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T18:16:58.000+00:00",
"value": "Disclosed"
}
],
"title": "Stripe Payment Forms \u003c= 8.3.1 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9322",
"datePublished": "2025-10-25T06:49:23.256Z",
"dateReserved": "2025-08-21T19:32:17.388Z",
"dateUpdated": "2025-10-27T15:44:23.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11128 (GCVE-0-2025-11128)
Vulnerability from cvelistv5
Published
2025-10-23 12:32
Modified
2025-10-23 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator |
Version: * ≤ 5.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T13:38:55.005647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T13:39:12.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News \u0026 YouTube Video Feeds Aggregator",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "5.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Montes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News \u0026 YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the \u0027feedzy_sanitize_feeds\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T12:32:32.611Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c33ec58f-3e83-425a-9f0f-5e529be15e05?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/trunk/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php#L280"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/trunk/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php#L309"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/trunk/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php#L336"
},
{
"url": "https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/trunk/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php#L399"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3378828/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-27T22:08:01.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-22T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Feedzy RSS Feeds Lite \u003c= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11128",
"datePublished": "2025-10-23T12:32:32.611Z",
"dateReserved": "2025-09-27T21:52:08.932Z",
"dateUpdated": "2025-10-23T13:39:12.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11691 (GCVE-0-2025-11691)
Vulnerability from cvelistv5
Published
2025-10-18 06:42
Modified
2025-10-20 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | PPOM – Product Addons & Custom Fields for WooCommerce |
Version: * ≤ 33.0.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T17:56:07.756295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T17:59:48.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "33.0.15",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Talal Nasraddeen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T06:42:49.184Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eefcc290-b7f7-4cf0-9ccc-db4c883d6426?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-product-addon/trunk/classes/ppom.class.php#L337"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3379431%40woocommerce-product-addon\u0026new=3379431%40woocommerce-product-addon\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-14T17:24:49.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-17T18:11:36.000+00:00",
"value": "Disclosed"
}
],
"title": "PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce \u003c= 33.0.15 - Unauthenticated SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11691",
"datePublished": "2025-10-18T06:42:49.184Z",
"dateReserved": "2025-10-13T15:24:04.178Z",
"dateUpdated": "2025-10-20T17:59:48.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11391 (GCVE-0-2025-11391)
Vulnerability from cvelistv5
Published
2025-10-18 06:42
Modified
2025-10-20 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. While the vulnerable code is in the free version, this only affected users with the paid version of the software installed and activated.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | PPOM – Product Addons & Custom Fields for WooCommerce |
Version: * ≤ 33.0.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:30:31.634936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:30:53.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "33.0.15",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Talal Nasraddeen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. While the vulnerable code is in the free version, this only affected users with the paid version of the software installed and activated."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T06:42:48.390Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf851bed-f5d8-44e2-810d-906ba3d3c1c5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-product-addon/trunk/inc/hooks.php#L45"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3379431%40woocommerce-product-addon\u0026new=3379431%40woocommerce-product-addon\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-06T20:07:14.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-17T18:09:32.000+00:00",
"value": "Disclosed"
}
],
"title": "PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce \u003c= 33.0.15 - Unauthenticated Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11391",
"datePublished": "2025-10-18T06:42:48.390Z",
"dateReserved": "2025-10-06T20:04:27.764Z",
"dateUpdated": "2025-10-20T18:30:53.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9562 (GCVE-0-2025-9562)
Vulnerability from cvelistv5
Published
2025-10-18 06:42
Modified
2025-10-27 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qs_date shortcode in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themeisle | Redirection for Contact Form 7 |
Version: * ≤ 3.2.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:34:21.658144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T16:13:26.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Redirection for Contact Form 7",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "3.2.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s qs_date shortcode in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T06:42:46.555Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a801bb0-a7fc-42c3-b26f-3f7cdb592bea?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.5/wpcf7r-functions.php#L558"
},
{
"url": "https://wordpress.org/plugins/wpcf7-redirect/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3378810%40wpcf7-redirect\u0026new=3378810%40wpcf7-redirect\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T20:26:17.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-17T17:48:32.000+00:00",
"value": "Disclosed"
}
],
"title": "Redirection for Contact Form 7 \u003c= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9562",
"datePublished": "2025-10-18T06:42:46.555Z",
"dateReserved": "2025-08-27T21:14:05.609Z",
"dateUpdated": "2025-10-27T16:13:26.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}