
CVE-2025-7021 – OpenAI Operator - API Spoofing through Locking Operator on FullScreen
https://notcve.org/view.php?id=CVE-2025-7021
10 Jul 2025 — Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. • https://github.com/google/security-research/security/advisories/GHSA-mmgx-755h-wr74 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-23968 – WordPress AiBud WP plugin <= 1.8.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23968
03 Jul 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through 1.8.5. The AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o plugin for WordPress is vulnerable to arbitrary file uploads due t... • https://github.com/d0n601/CVE-2025-23968 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-31843 – WordPress OpenAI Tools for WordPress & WooCommerce plugin <= 2.1.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31843
01 Apr 2025 — Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through 2.1.5. The OpenAI Tools for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-lev... • https://patchstack.com/database/wordpress/plugin/openai-tools-for-wp-wc/vulnerability/wordpress-openai-tools-for-wordpress-woocommerce-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •