196 matches found
CVE-2026-2446 Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CSRF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as default_role and create arbitrary admin users...
EUVD-2023-33933
Malicious code in bioql PyPI...
EUVD-2023-33934
Malicious code in bioql PyPI...
CVE-2010-2446
Rbot Reaction plugin allows command execution...
CVE-2012-2446
Cross-site scripting (XSS) vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...
PT-2025-14610 · Undefined · Undefined
Four CVEs assigned: CVE-2025-2446 path traversal, CVE-2025-2439 GGUF parser read, CVE-2025-2445 Python-engine injection, CVE-2025-2447 missing CSRF...
PT-2025-14612 · Undefined · Undefined
Four CVEs assigned: CVE-2025-2446 path traversal, CVE-2025-2439 GGUF parser read, CVE-2025-2445 Python-engine injection, CVE-2025-2447 missing CSRF...
WordPress WP Editor Plugin <= 1.2.9 is vulnerable to PHP Object Injection
Software: WP Editor; Type: Plugin; Vulnerable versions: <= 1.2.9; Fixed in: 1.2.9.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-2446; Patch priority: Low; CVSS severity: Low 7.2; PSID: 2c7bc2d905b6; Credits: Rasoul Jahanshahi; Required privilege...
CVE-2024-2446
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-15 11:26:30+00:00 | seen | https://t.me/ctinow/208628 |
| 2024-03-15 11:26:54+00:00 | seen | https://t.me/ctinow/208644 |
| 2024-03-16 21:20:03+00:00 | seen | https://t.me/arpsyndicate/4258 |

...
CVE-2024-2446
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages...
CVE-2024-2446
CVE-2024-2446 affects Mattermost server/mattermost-client components where there is no effective limit on the number of mentions processed per message. The description in connected sources specifies that Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x be...
CVE-2023-2446
| creationtimestamp | type | source |
|---|---|---|
| 2023-11-23 10:58:01+00:00 | seen | https://t.me/CyberSecurityTechnologies/9447 |
| 2024-08-16 08:51:05+00:00 | seen | https://t.me/Rootsec2/1998 |
| 2024-08-16 08:51:14+00:00 | seen | https://t.me/Rootsec2/2051 |
| 2026-04-09 21:02:36+00:00 | seen | ... |
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An...
UserPro < 5.1.2 - Authentication Bypass to Administrator
Description: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...
CVE-2023-2448
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An attacker ca...
Authentication flaw
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
Design/Logic Flaw
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An attacker ca...
SQL injection
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...
CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...