Dismissed suggestions Untriaged suggestions Draft issues Published issues Dismissed suggestions These automatic suggestions were dismissed after initial triaging. Restore to select a suggestion for a revision. CVE-2025-58245 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 2 packages traderepublic-portfolio-downloader portfolio-filemanager 1 month ago @mweinelt dismissed 1 month ago WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. portfolio =<2.58 CVE-2025-58244 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package akkuPackages.cyclone-iset-constructors 1 month ago @mweinelt dismissed 1 month ago WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. constructo =<4.3.9 CVE-2025-58020 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package haskellPackages.theatre-dev 1 month ago @mweinelt dismissed 1 month ago WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8. theatre =<0.18.8 CVE-2025-58652 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package haskellPackages.data-carousel 1 month ago @mweinelt dismissed 1 month ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. carousel =<1.8
CVE-2025-58245 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed 2 packages traderepublic-portfolio-downloader portfolio-filemanager 1 month ago @mweinelt dismissed 1 month ago WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. portfolio =<2.58
CVE-2025-58244 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package akkuPackages.cyclone-iset-constructors 1 month ago @mweinelt dismissed 1 month ago WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. constructo =<4.3.9
CVE-2025-58020 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package haskellPackages.theatre-dev 1 month ago @mweinelt dismissed 1 month ago WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8. theatre =<0.18.8
CVE-2025-58652 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month ago by @mweinelt Activity log Created automatic suggestion 2 months ago @mweinelt removed package haskellPackages.data-carousel 1 month ago @mweinelt dismissed 1 month ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. carousel =<1.8