@antv/chart-advisor (>=1.0.0 <=1.1.7), @opd/ava (=1.0.0) +1 more potentially affected by unknown CVE via @antv/dw-transform (=1.1.7)

@antv/dw-transform NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/dw-transform and may be impacted: - @antv/chart-advisor =1.0.0, =1.0.0, =1.0.10 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3877...

CVE-2026-44665

Summary of CVE-2026-44665 details (from provided sources): The vulnerability affects the fast-xml-builder library, where input data containing quotes in attribute values, if the processEntities flag is not enabled, can cause an attribute value to be split into multiple attributes. This enables an...

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

CVE-2026-32370

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

CVE-2026-1253

The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchatupdateauthajax' and 'atomchatupdatelayoutajax' functions in all versions up to, and including, 1.1.7. This makes it possible for...

CVE-2026-1253

The CVE concerns the WordPress plugin Group Chat & Video Chat by AtomChat. A missing capability check in the AJAX handlers atomchat_update_auth_ajax and atomchat_update_layout_ajax affects all versions up to and including 1.1.7. This allows authenticated users with Subscriber-level access and abo...

CVE-2026-3475

CVE-2026-3475 affects the WordPress plugin Instant Popup Builder (

CVE-2026-3475 Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

CVE-2026-3475

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

CVE-2026-3475 Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

EUVD-2026-11866

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

EUVD-2026-11810

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through = 1.1.7...

CVE-2026-32370

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

CVE-2026-32334

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through = 1.1.7...

CVE-2026-32370

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

CVE-2026-32370

CVE-2026-32370 describes a Broken Access Control in the WordPress Influencer theme

CVE-2026-32370 WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

CVE-2026-32370 WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through = 1.1.7...

CVE-2026-32334

The CVE concerns the WordPress JobScout theme (

CVE-2026-32334 WordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through = 1.1.7...