Lucene search

17 matches found

NVD
added 2026/05/28 6:16 a.m. · 8 views

CVE-2026-3173

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...

6.5 CVSS · 0.00031 EPSS
Exploits 0 · References 4
CNNVD
added 2026/03/23 12:00 a.m. · 3 views

Rails security vulnerability

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Security vulnerabilities exist in versions of Rails prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the acceptance and persistence of arbitrary...

5.3 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 8
Positive Technologies
added 2026/03/23 12:00 a.m. · 2 views

PT-2026-27259

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

5.3 CVSS · 6 AI score · 0.00015 EPSS
Exploits 0 · References 8
Veracode
added 2026/02/16 10:39 a.m. · 4 views

XML Injection

jsPDF is vulnerable to XML Injection. The vulnerability is due to improper input sanitization in the addMetadata function, which allows an attacker to inject arbitrary XMP metadata into generated PDFs and compromise their integrity when the input is unsanitized...

6.9 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits 1 · References 4 · Affected Software 1
Patchstack
added 2026/02/10 10:55 p.m. · 4 views

WordPress Gallery by FooGallery plugin <= 3.1.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Gallery Metadata Exposure vulnerability discovered by s00me00ne in WordPress Plugin FooGallery versions <= 3.1.9...

4.3 CVSS · 5.5 AI score · 0.00015 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2026/01/30 7:38 a.m. · 5 views

WordPress EventON plugin < 4.5.6 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR (WPScan) in WordPress Plugin EventON versions < 4.5.6...

6.1 CVSS · 5.9 AI score · 0.00727 EPSS
Exploits 1 · References 1 · Affected Software 1
Patchstack
added 2025/12/31 12:00 a.m. · 2 views

WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions <= 1.0.1...

5.3 CVSS · 5.9 AI score · 0.0032 EPSS
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/05/23 4:57 a.m. · 4 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3 CVSS · 6.6 AI score · 0.00285 EPSS
Exploits 0 · References 1
WPVulnDB
added 2024/06/10 12:00 a.m. · 12 views

Custom Field Template < 2.6.2 - Authenticated (Contributor+) Information Exposure

Description: The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including...

4.3 CVSS · 6.5 AI score · 0.00423 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2024/01/11 5:15 a.m. · 14 views

Input validation

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4 CVSS · 6.8 AI score · 0.00285 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/01/11 4:30 a.m. · 13 views

CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3 CVSS · 4.8 AI score · 0.00285 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/01/11 12:00 a.m. · 1 view

PT-2024-15032 · WordPress · Contact Form 7 – Dynamic Text Extension

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions up to, and including, 4.1.0 Description: The issue allows authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referenci...

4.3 CVSS · 5.5 AI score · 0.00285 EPSS
Exploits 0 · References 5
OSV
added 2023/10/17 2:20 p.m. · 15 views

GHSA-267V-3V32-G6Q5 Cross-site Scripting via missing Binding syntax validation

Impact: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP contex...

7.1 CVSS · 6 AI score · 0.00285 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/06/22 4:05 p.m. · 2 views

openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

8.1 CVSS · 5.8 AI score · 0.00339 EPSS
Exploits 0 · References 4
Prion
added 2021/12/13 11:15 a.m. · 12 views

Cross-site request forgery (CSRF)

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The...

4 CVSS · 5 AI score · 0.00163 EPSS
Exploits 2 · References 1 · Affected Software 1
Positive Technologies
added 2021/12/13 12:00 a.m. · 2 views

PT-2021-16285 · WordPress · Contact Form Advanced Database

Name of the Vulnerable Software and Affected Versions: Contact Form Advanced Database WordPress plugin versions 1.0.8 and earlier Description: The issue concerns the lack of authorization and CSRF checks in the delete cf7 data and export cf7 data AJAX actions, which are accessible to any...

4.3 CVSS · 4.6 AI score · 0.00163 EPSS
Exploits 2 · References 4
OSV
added 2017/08/09 4:29 p.m. · 1 view

UBUNTU-CVE-2015-4165

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...

7.5 CVSS · 7.4 AI score · 0.01709 EPSS
Exploits 1 · References 2