CVE-2026-22470 WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate (fs-real-estate-plugin) allows Blind SQL Injection. This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11...
WordPress FireStorm Professional Real Estate plugin <= 2.7.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mrreee in WordPress Plugin FireStorm Professional Real Estate versions <= 2.7.11...
EUVD-2025-201941
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements (dt-the7-core) allows PHP Local File Inclusion. This issue affects The7 Elements: from n/a through <= 2.7.11...
CVE-2025-63076
CVE-2025-63076 affects The7 Elements (dt-the7-core) up to version 2.7.11, enabling PHP Local File Inclusion due to improper filename control in Include/Require. Multiple sources (Wordfence, CVE listings) confirm this vulnerability and indicate it has been patched. The advisory notes the issue as ...
CVE-2025-11244
CVE-2025-11244 affects the WordPress Password Protected plugin (versions <= 2.7.11). The vulnerability arises because the plugin trusts client-controlled HTTP headers (e.g., X-Forwarded-For, HTTP_CLIENT_IP) in pp_get_ip_address() when the Use transients option is enabled, enabling an unauthenticated...
CVE-2025-11244 Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTP_CLIENT_IP, and similar headers to determine user IP...
WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin The7 Elements versions <= 2.7.11...
EUVD-2023-1303
Malicious code in bioql PyPI...
EUVD-2023-38279
Malicious code in bioql PyPI...
EUVD-2024-45911
Malicious code in bioql PyPI...
CVE-2023-34178
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions...
CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group e.g. staff to view certain tags. Users who were tracking or watching th...
WordPress WP SEO Structured Data Schema plugin <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Jorgson in WordPress Plugin WP SEO Structured Data Schema versions <= 2.7.11...
CVE-2024-10105
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress plugin Jobs for WordPress path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
PT-2025-12738 · WordPress · Job Postings
Name of the Vulnerable Software and Affected Versions: Job Postings WordPress plugin versions prior to 2.7.11 Description: The issue allows high privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise an...
PT-2024-35266 · Linear · Linear
Name of the Vulnerable Software and Affected Versions: Linear versions through 2.7.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a DOM-Based XSS vulnerability. This means that the...
PT-2024-16545 · WordPress · Simple Local Avatars
Name of the Vulnerable Software and Affected Versions: The Simple Local Avatars plugin for WordPress versions up to, and including, 2.7.11 Description: The issue is related to a missing capability check on the sla_clear_user_cache function, allowing authenticated attackers with Subscriber-level...
WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control
Software: Simple Local Avatars; Type: Plugin; Vulnerable versions: <= 2.7.11; Fixed in: 2.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10786; Patch priority: Low; CVSS severity: Low 4.3; PSID: 717b24faeea4; Credits: Trương Hữu Phúc...
CVE-2024-51739
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in...