73 matches found
WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Client Portal Pro versions <= 5.6.2...
GHSA-98WM-CXPW-847P Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Vulnerability Details: Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...
PT-2026-27631
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions 5.13.0 through 5.13.3. Description: Invoice Ninja allows for the execution of stored cross-site scripting (XSS) payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...
CVE-2026-25003
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Portal: from n/a through <= 1.2.1...
CVE-2026-25003 WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Portal: from n/a through <= 1.2.1...
CVE-2026-25003
CVE-2026-25003 affects the WordPress Client Portal plugin (madalin.ungureanu) for WordPress, with versions up to and including 1.2.1. The issue is a Missing Authorization vulnerability arising from incorrectly configured access control security levels, effectively a broken access control defect. ...
PT-2026-20674
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Portal: from n/a through <= 1.2.1...
WordPress plugin Client Portal security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Client Portal versions <= 1.2.1...
CVE-2023-25968
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions...
EUVD-2014-3296
Malware in sbrugna...
EUVD-2025-11706
Malicious code in bioql PyPI...
EUVD-2023-29855
Malicious code in bioql PyPI...
EUVD-2024-50934
Malicious code in bioql PyPI...
EUVD-2023-42292
Malicious code in bioql PyPI...
CVE-2024-12524
The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2023-0588
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...