89 matches found
CVE-2026-32488
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through = 4.4.9...
CVE-2026-32488
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through = 4.4.9...
CVE-2026-32488
CVE-2026-32488 affects the WordPress plugin User Registration (wpeverest) up to version 4.4.9 . The vulnerability arises from an incorrect privilege assignment that enables privilege escalation . Per the entry, the CVSS metrics indicate a Network exploit vector, high attack complexity, no privile...
CVE-2026-32488 WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through = 4.4.9...
CVE-2026-32488 WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through = 4.4.9...
WordPress plugin User Registration 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration versions = 4.4.9...
EUVD-2026-12745
mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...
Custom certificate activity 安全漏洞
Custom Certificate Activity is a dynamically generated and customizable PDF certificate plugin developed by Mark Nelson as an individual developer. Versions of Custom Certificate Activity prior to 4.4.9 and 5.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the...
CVE-2026-27472
SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...
CVE-2026-27473
SPIP
CVE-2025-71247
SPIP 4.4.9 fixes an authenticated SSRF in the syndicated sites feature. CVE-2025-71247 affects SPIP
CVE-2026-24353
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...
CVE-2026-24353
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...
PT-2026-4249
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...
WordPress plugin User Registration security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-61873
Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...
UBUNTU-CVE-2025-61873
Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...
CVE-2025-61873
Summary: CVE-2025-61873 affects Best Practical Request Tracker (RT). The connected Debian advisory confirms the issue is a CSV injection vulnerability in RT exports to TSV from search results, caused by ticket values containing certain characters and exported in TSV, enabling injection. Debian li...
CVE-2025-61873
Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...