444 matches found
CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()
The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...
EUVD-2026-42228
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced...
CVE-2026-6101
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...
Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID
Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...
CVE-2026-7311
The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...
CVE-2026-10089
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
EUVD-2026-41252
The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wpksespost, as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any us...
EUVD-2026-41249
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-5821
The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...
EUVD-2026-41247
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
PT-2026-55284
Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...
CVE-2026-10096
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
CVE-2026-10096
The Qi Blocks WordPress plugin is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.4.9 via the page_id parameter. Authenticated users with author-level access can modify stored Qi Blocks styles on arbitrary posts, templates, or widgets, including site-wide surf...
EUVD-2026-40936
The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'pageid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, t...
EUVD-2026-40909
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...
EUVD-2026-40888
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...
CVE-2026-8380
The CVE-2026-8380 issue affects the Frontend File Manager (nmedia-user-file-uploader) WordPress plugin
CVE-2026-9620
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
EUVD-2026-38684
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...