Aggregator

A vulnerability marked as critical has been reported in Share This Image Plugin up to 2.09 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-25010. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Oxygen Plugin up to 6.0.8 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to server-side request forgery. This vulnerability appears as CVE-2025-69299. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in UsersWP Plugin up to 1.2.53 on WordPress. Affected is the function ajax_avatar_banner_upload. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-25015. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Uroan Core Plugin up to 1.4.4 on WordPress. This impacts an unknown function. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2025-69365. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in WPJobster Plugin up to 6.3.5 on WordPress. It has been rated as problematic. This affects an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-22339. Remote exploitation of the attack is possible. No exploit is available.

嗯，用户让我用中文总结一下这篇文章，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我需要快速阅读文章内容。文章主要讲的是欧盟可能禁止进口俄罗斯的铂族金属和铜，作为新的贸易制裁措施。欧盟的目标是在本月通过这项限制，但需要所有成员国的同意。如果实施的话，俄罗斯的铱、铑、铂和铜都会被限制。这可能会加剧欧洲金属市场的供应问题。受影响最大的是诺里尔斯克镍业公司，他们占全球钯金供应量的40%，在产业链中非常重要。 接下来，我需要提取关键信息：欧盟、禁止进口、俄罗斯、铂族金属和铜、贸易制裁、供应问题、诺里尔斯克镍业公司。 然后，把这些信息浓缩成一句话，不超过一百个字。要确保涵盖主要点：欧盟考虑禁止进口俄罗斯的铂族金属和铜作为制裁措施，这可能加剧欧洲金属供应问题，并影响诺里尔斯克镍业公司。 最后，检查是否符合要求：没有使用开头语，控制在一百字以内。 欧盟考虑禁止进口俄罗斯铂族金属和铜作为新制裁措施,可能加剧欧洲金属市场供应问题,主要影响诺里尔斯克镍业公司,该公司占全球钯金供应量40%。

A vulnerability was found in WP Bannerize Pro Plugin up to 1.11.0 on WordPress. It has been declared as critical. The impacted element is an unknown function. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-25012. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in JobBoard Job Listing Plugin up to 1.2.8 on WordPress. It has been classified as problematic. The affected element is an unknown function. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-68855. The attack may be initiated remotely. There is no available exploit.

2025年12月6号准备写下这些文字，不过后来发生一些事情需要处理，无奈把这个念头搁置下来。今天我的事项处理得差不多了。

A vulnerability was found in WP Custom Admin Interface Plugin up to 7.41 on WordPress and classified as critical. Impacted is an unknown function. Executing a manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2026-25011. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Saasplate Core Plugin up to 1.2.8 on WordPress and classified as critical. This issue affects some unknown processing. Performing a manipulation results in sql injection. This vulnerability is identified as CVE-2025-69309. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Sunshine Photo Cart Plugin up to 3.5.6.2 on WordPress. This vulnerability affects unknown code. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-67973. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in Extensions for CF7 Plugin up to 3.4.0 on WordPress. This affects an unknown part. This manipulation causes improper control of resource identifiers. The identification of this vulnerability is CVE-2026-24991. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Schedula Plugin up to 1.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in missing authorization. This vulnerability was named CVE-2025-67970. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.3.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-68837. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as critical has been identified in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B. Affected is an unknown function of the component Request Handler. Executing a manipulation can lead to os command injection. This vulnerability is handled as CVE-2026-22550. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B. This impacts an unknown function. Performing a manipulation results in use of weak credentials. This vulnerability is known as CVE-2026-24449. The attack may be carried out on the physical device. No exploit is available.

A vulnerability labeled as critical has been found in ELECOM WAB-S733IW2-PD, WAB-S733IW-AC, WAB-S733IW-PD, WAB-S300IW2-PD, WAB-S300IW-AC and WAB-S300IW-PD. This affects an unknown function of the component Packet Handler. Such manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2026-24465. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B. The impacted element is an unknown function. This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2026-20704. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as critical has been discovered in Medinik Core Plugin up to 1.3.6 on WordPress. The affected element is an unknown function. The manipulation results in sql injection. This vulnerability is reported as CVE-2025-69307. The attack can be launched remotely. No exploit exists.