High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
aapanel–aapanel WP Toolkit | The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges. | 2025-07-18 | 8.8 | CVE-2025-6813 |
aaroncampbell–Attachment Manager | The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-07-18 | 9.1 | CVE-2025-7643 |
Adrian Tobey–Groundhogg | Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg allows Upload a Web Shell to a Web Server. This issue affects Groundhogg: from n/a through 4.2.1. | 2025-07-16 | 9.1 | CVE-2025-48300 |
Alcatel-Lucent–OmniAccess Stellar Products | Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point. | 2025-07-16 |