WordPress plugin Auto Affiliate Links 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43109

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description The remote image blocking feature can be bypassed using a crafted CSS var value within an e-mail message. This bypass may result in...

WordPress plugin GamiPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43141

Name of the Vulnerable Software and Affected Versions WP Chill RSVP and Event Management versions prior to 2.7.17 Description A missing authorization issue exists due to incorrectly configured access control security levels, which allows for broken access control. Recommendations Update to a...

PT-2026-43127

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

PT-2026-43145

Name of the Vulnerable Software and Affected Versions MyCryptoCheckout versions prior to 2.162 Description A missing authorization issue in the MyCryptoCheckout plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control...

WordPress plugin Sunshine Photo Cart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43104

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

PT-2026-43156

Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions prior to 3.6.8 Description A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access...

WordPress plugin MyCryptoCheckout 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43140

Name of the Vulnerable Software and Affected Versions WP Search Analytics versions prior to 1.5.0 Description A missing authorization issue in the plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. Recommendations Updat...

WordPress plugin QR Redirector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Newses 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Broken Object Level Authorization in the Wild: An Empirical Taxonomy from 100+ Bug Bounty Disclosures

Broken Object Level Authorization BOLA is consistently ranked the most critical API security vulnerability, yet the existing literature remains almost entirely conceptual. This paper presents one of the first large-scale empirical analyses of BOLA in publicly disclosed bug bounty reports. We...

PT-2026-43133

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

PT-2026-43137

Name of the Vulnerable Software and Affected Versions Autoship Cloud for WooCommerce Subscription Products versions prior to 2.14.1 Description A missing authorization issue exists in the Autoship Cloud for WooCommerce Subscription Products plugin, which allows for the exploitation of incorrectly...

PT-2026-43149

Name of the Vulnerable Software and Affected Versions Smart Coupons for WooCommerce versions prior to 2.3.0 Description A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken...

PT-2026-43143

Name of the Vulnerable Software and Affected Versions Broadcast Live Video versions prior to 7.1.3 Description Improper Control of Generation of Code allows for Code Injection, which can lead to Remote Code Execution RCE, a state where an attacker can execute arbitrary commands on the target...

PT-2026-43153

Name of the Vulnerable Software and Affected Versions NanoCare versions prior to 1.2.2 Description A missing authorization issue in Linethemes NanoCare allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. Recommendations Update ...

Linux Distros Unpatched Vulnerability : CVE-2026-32175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could writ...