927 matches found
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...
Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...
GHSA-MGQ6-VR84-7M2J OpenClaw: QQBot native approval buttons did not enforce configured approver identity
Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...
EUVD-2025-210351
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
CVE-2025-63041
Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...
CVE-2025-63041
CVE-2025-63041 affects the WordPress plugin Forget About Shortcode Buttons (versions
WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Forget About Shortcode Buttons versions = 2.1.3...
PT-2026-52709
Name of the Vulnerable Software and Affected Versions Forget About Shortcode Buttons versions prior to 2.1.4 Description Broken access control allows contributors to perform unauthorized actions within the software. Recommendations Update to a version newer than 2.1.3...
CVE-2026-49082
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-34904
Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...
WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by dodoh4t in WordPress Plugin Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions = 1.4.8...
CVE-2026-35630
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
Missing Authorization
Overview @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the QQBot native approval buttons process. An attacker can gain unauthorized access to resolve pending exec or plugin approval requests by interacting with approv...
CVE-2026-35630
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
EUVD-2026-33335
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...
CVE-2026-35630
OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: intel-vbtn – Protect the ACPI notify handler from racing with itself Since the commit e2ffcda16290 “ACPI: OSL: Allow Notify handlers to run on all CPUs”, ACPI notify handlers like intel-vbtn’s notifyhandler may run ...