WordPress WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars plugin <= 3.8.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WP Post Author versions = 3.8.3...

CVE-2026-5012

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...

CVE-2026-5014

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...

CVE-2026-5016

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

CVE-2026-5016 elecV2 elecV2P URL mock eAxios server-side request forgery

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

EUVD-2026-16947

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...

CVE-2026-5014

The CVE-2026-5014 affects elecV2 elecV2P up to version 3.8.3, targeting the path.join operation in the /log/ component of the Wildcard Handler. The issue enables path traversal and can be exploited remotely. Public exploit exists; the project was informed via issue reports but has not responded. ...

CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

elecV2P 操作系统命令注入漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from the pm2run function in the/rpc file, which allows...

PT-2026-28730

Name of the Vulnerable Software and Affected Versions elecV2 elecV2P versions through 3.8.3 Description A server-side request forgery condition exists due to manipulation of the req argument within the eAxios function located in the /mock file of the URL Handler component. This allows for remote...

elecV2P 路径遍历漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of parameters in the path.join function of the file/store/:key...

CVE-2026-3955

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVE-2026-3955

The CVE-2026-3955 entry affects elecV2P up to version 3.8.3. The vulnerable component is the function runJSFile in file source-code/elecV2P-master/webser/wbjs.js of the jsfile Endpoint, with code injection as the underlying issue. Attacker can potentially exploit remotely, and public disclosure o...

DEBIAN-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

UBUNTU-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVE-2026-29063

CVE-2026-29063 affects Immutable.js, where prototype pollution is possible via mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs in versions prior to 3.8.3, 4.3.7, and 5.1.5. IBM security bulletins corroborate the issue and list affected IBM products (e.g., Cloud Pak for ...

Immutable collections for JavaScript 安全漏洞

Immutable Collections for JavaScript is an open-source immutable data collection library developed by Immutable.js. There were security vulnerabilities in versions prior to 3.8.3, 4.3.7, and 5.1.5 of Immutable Collections for JavaScript. These vulnerabilities stemmed from prototype pollution issu...

GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...