CVE-2026-7284 Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

CVE-2026-6506

CVE-2026-6506 affects the InfusedWoo Pro plugin for WordPress (up to version 5.1.2) due to the function infusedwoo_gdpr_upddata() lacking authorization and capability checks and not restricting which user meta keys can be updated. This enables authenticated attackers with subscriber-level access ...

PT-2026-40891

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo gdpr upddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

CVE-2026-0238

Technical details for CVE-2026-0238 are not publicly available in the provided documents. Monitor for updates.

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability arises from attackers with...

WordPress Continually plugin <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Continually versions = 4.3.1...

📄 phpMyFAQ 4.0.16 Improper Authorization

phpMyFAQ versions 4.0.16 and below suffer from an improper authorization vulnerability. Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link:...

CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

DEBIAN-CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

CVE-2026-4261 Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'onexpiredefaulttorole' meta through the 'saveextrauserprofilefields' function. This makes it possible for authenticated...

PT-2026-26880

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on expire default to role' meta through the 'save extra user profile fields' function. This makes it possible for...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of permission requirements in the team member roles API endpoint. An attacker can gain unauthorized privilege to demote users to guest status by exploiting this flaw while...

WordPress plugin Datalogics Ecommerce Delivery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the syste...

PT-2026-22316

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization SEV firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity...

CVE-2025-15100 JAY Login & Register <= 2.6.03 - Authenticated (Subscriber+) Privilege Escalation via jay_panel_ajax_update_profile

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jaypanelajaxupdateprofile' function. This makes it possible for authenticated...