
23 matches found

RedhatCVE
added 2026/04/08 5:0 a.m. | 8 views

CVE-2026-0740

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

9.8 CVSS | 6.6 AI score | 0.17415 EPSS
Exploits 6 | References 1

Patchstack
added 2026/04/07 10:29 a.m. | 7 views

WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability

WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin Ninja Forms File Uploads Extension versions <= 3.3.26...

9.8 CVSS | 5.9 AI score | 0.17415 EPSS
Exploits 6 | References 1 | Affected Software 1

Cvelist
added 2026/04/07 4:25 a.m. | 33 views

CVE-2026-0740 Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

9.8 CVSS | 0.17415 EPSS
Exploits 6 | References 2

Vulnrichment
added 2026/04/07 4:25 a.m. | 7 views

CVE-2026-0740 Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...

9.8 CVSS | 6.6 AI score | 0.17415 EPSS
Exploits 6 | References 2

CNNVD
added 2026/04/07 12:0 a.m. | 4 views

WordPress plugin Ninja Forms - File Uploads code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8 CVSS | 7.8 AI score | 0.17415 EPSS
Exploits 6 | References 3

Cvelist
added 2026/04/02 2:45 p.m. | 14 views

CVE-2026-34795 Endian Firewall /cgi-bin/logs_log.cgi DATE Perl Command Injection

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

8.8 CVSS | 0.00122 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : gnutls-3.3.26-9.el7 (AXSA:2017-2203:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2203:01 advisory. GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language...

9.8 CVSS | 8.5 AI score | 0.05592 EPSS
Exploits 0 | References 8

RedhatCVE
added 2025/05/23 4:33 a.m. | 7 views

CVE-2023-5979

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...

6.5 CVSS | 6.9 AI score | 0.00129 EPSS
Exploits 1

OSV
added 2023/12/29 3:15 p.m. | 2 views

CVE-2023-51688

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress: from n/a through 3.3.26...

7.5 CVSS | 7.3 AI score
Exploits 0 | References 1

Positive Technologies
added 2023/12/29 12:0 a.m. | 1 views

PT-2023-31882 · WordPress · Ecommerce Product Catalog Plugin

Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions 3.3.26 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made accessible to...

7.5 CVSS | 7.6 AI score | 0.00693 EPSS
Exploits 0 | References 6

Patchstack
added 2023/12/27 12:0 a.m. | 8 views

WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Sensitive Data Exposure

Software: eCommerce Product Catalog | Type: Plugin | Vulnerable versions: <= 3.3.26 | Fixed in: 3.3.27 | OWASP Top 10: A4: Insecure Design | Classification: Sensitive Data Exposure | CVE: CVE-2023-51688 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: d7f671a2c15c | Credits: Muhammad Daffa | Requir...

7.5 CVSS | 6.5 AI score | 0.00693 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2023/12/04 10:15 p.m. | 1 views

CVE-2023-5979

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 1

Positive Technologies
added 2023/12/04 12:0 a.m. | 3 views

PT-2023-32457 · WordPress · Ecommerce Product Catalog Plugin

Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions prior to 3.3.26 Description: The issue is related to the lack of CSRF checks in some admin pages of the plugin, which could allow attackers to make logged-in users perform unwanted actio...

6.5 CVSS | 6.3 AI score | 0.00129 EPSS
Exploits 1 | References 6

CNNVD
added 2023/12/04 12:0 a.m. | 6 views

WordPress plugin eCommerce Product Catalog security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

6.5 CVSS | 6.5 AI score | 0.00129 EPSS
Exploits 1 | References 1

NVD
added 2023/11/23 12:15 a.m. | 8 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions...

6.5 CVSS | 0.0017 EPSS
Exploits 0 | References 1

OSV
added 2023/11/23 12:15 a.m. | 0 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions...

5.4 CVSS | 5.8 AI score | 0.0017 EPSS
Exploits 0 | References 1

Positive Technologies
added 2018/09/23 12:0 a.m. | 3 views

PT-2018-14016 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to impersonate a user and set up their account without their knowledge. To exploit this, the user has to explicitly install a...

8.8 CVSS | 6.9 AI score | 0.00348 EPSS
Exploits 0 | References 3

Positive Technologies
added 2018/09/23 12:0 a.m. | 3 views

PT-2018-14015 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to discover sensitive information, including Credit/Debit card numbers, expiration dates, and CVV numbers. To exploit this, a user...

5.3 CVSS | 5.6 AI score | 0.00317 EPSS
Exploits 0 | References 3

Positive Technologies
added 2018/09/23 12:0 a.m. | 3 views

PT-2018-14014 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue allows attackers to perform Account Takeover attacks by exploiting the Forgot Password feature. To exploit this, the user has to explicitly install a...

8.8 CVSS | 7.2 AI score | 0.00308 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2017/08/22 12:0 a.m. | 42 views

Scientific Linux Security Update : gnutls on SL7.x x86_64 (20170801)

The following packages have been upgraded to a later upstream version: gnutls 3.3.26. Security Fixes : - A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which,...

9.8 CVSS | 7.8 AI score | 0.05592 EPSS
Exploits 0 | References 8