CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-52694 WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

EUVD-2026-36901

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-52694

CVE-2026-52694 concerns the WordPress Signature Add-On for WooCommerce plugin, affected versions

PT-2026-49519

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Averon Averenkov in WordPress Plugin Signature Add-On for WooCommerce versions = 2.0...

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

WordPress plugin Contact Form 7 – PayPal & Stripe Add-on 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.4.9 - Unauthenticated Payment Bypass vulnerability

Unauthenticated Payment Bypass vulnerability discovered by Stranger825 in WordPress Plugin Contact Form 7 – PayPal & Stripe Add-on versions = 2.4.9...

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

PT-2026-38440

Name of the Vulnerable Software and Affected Versions Sidekiq-cron versions prior to 2.3.2 Description Sidekiq-cron, an open-source scheduling add-on for Sidekiq, contains a cross-site scripting XSS flaw. This issue occurs when a crafted URL is rendered from the cron.erb file, allowing an attacke...

Astra Linux – Vulnerability in Firefox and Thunderbird

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

pcs security update

0.12.1-1.el101.3 - Fixed CVE-2026-4800 by updating HA Cluster Management add-on to 0.1.23.2 Resolves: RHEL-164062...

[SECURITY] Fedora 44 Update: qt6-qtimageformats-6.10.3-1.fc44

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...

EUVD-2026-23018

Weblate: SSRF via the webhook add-on using unprotected fetchurl...

Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl function in the webhook add-on. An attacker can access internal resources by supplying...

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...