CVE-2026-54220

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

CVE-2026-8039 Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

EUVD-2026-37845

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'ruleid' parameter due to missing validation on a user controlled key. This makes it possible for...

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

MagnusBilling Alarm Module - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...

Shield Security Plugin < 20.0.6 - Cross-Site Scripting

The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...

DataEase 2.10.4-2.10.7 - Remote Code Execution

DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code, exploit requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...

EUVD-2026-37803

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

CVE-2026-55197

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET...

WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification vulnerability

Missing Authorization to Authenticated Author+ Arbitrary Accessibility Issue Modification vulnerability discovered by g0wthr in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.1...

WordPress E2Pdf – Export Pdf Tool for WordPress plugin <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation vulnerability

Missing Authorization to Authenticated Custom+ Arbitrary Option Update / Privilege Escalation vulnerability discovered by endy in WordPress Plugin e2pdf versions = 1.32.26...

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions = 5.0.3...

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-12165

CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions

CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...