218 matches found
CVE-2026-3878
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocsoptionsiconsize' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2026-3878
The vulnerability affects the WordPress WP Docs plugin, with a Stored Cross-Site Scripting (XSS) flaw in the wpdocs_options[icon_size] parameter across all versions up to 2.2.9. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with subscriber...
CVE-2026-1085
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
EUVD-2026-10126
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
PT-2026-23836
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthenticated attackers to disconnect the administrator's True...
CVE-2026-25332
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through = 2.2.9...
CVE-2026-25332 WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through = 2.2.9...
WordPress plugin Endless Posts Navigation 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Endless Posts Navigation versions = 2.2.9...
EUVD-2026-5247
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through = 2.2.9...
CVE-2026-24984
CVE-2026-24984 affects the WordPress Visual Link Preview plugin up to and including version 2.2.9, describing a Missing/Incorrectly Configured Authorization vulnerability that allows access control bypass. The issue, documented in multiple sources, indicates a Broken Access Control risk with CVSS...
CVE-2026-24984 WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through = 2.2.9...
WordPress plugin Visual Link Preview 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-6232
Name of the Vulnerable Software and Affected Versions Brecht Visual Link Preview versions through 2.2.9 Description A missing authorization flaw exists in Brecht Visual Link Preview, potentially allowing exploitation due to incorrectly configured access control security levels. Recommendations...
WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability
Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.9...
MiracleLinux 3 : dbmail-2.2.5-1.8AXS3 (AXSA:2008-85:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-85:01 advisory. Description of problem: Dbmail is the name of a group of programs that enable the possibility of storing and retrieving mail messages from a database. DBMail...
CVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...
CVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...
CVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...
CVE-2025-68715
CVE-2025-68715 affects Panda Wireless PWRU0 devices with firmware 2.2.9. The issue exposes HTTP endpoints /goform/setWan, /goform/setLan, and /goform/wirelessBasic that do not require authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, enabling p...