CVE-2026-25425

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

CVE-2026-25425

CVE-2026-25425 concerns the WordPress plugin User Registration (versions ≤ 5.1.2). The connected sources confirm an Unauthenticated Broken Access Control vulnerability in this plugin, affecting its ability to restrict access to certain functions or data. The CVE entry explicitly lists the issue a...

PT-2026-49356

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

CVE-2026-1865

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membershipids’ parameter in all versions up to, and including, 5.1.2 due to...

GHSA-JXX9-PX88-PJ69 n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

Summary When ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8NAPIURL / N8NAPIKEY credentials...

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation vulnerability

Unauthenticated Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

CVE-2026-6512 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

CVE-2026-6206

The MW WP Form plugin for WordPress (versions

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

WordPress plugin MW WP Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

PT-2026-31996

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI’s Model Context Protocol MCP integration allows spawning background servers via stdio using user-supplied command strings, such as MCP"npx -y @smithery/cli ...". These commands are...

PraisonAI 参数注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a parameter injection vulnerability. This vulnerability stemmed from the deploy.py script, which did not validate the values containing commas when constructin...

CVE-2026-32356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a through = 5.1.2...

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

PT-2026-22816

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

EUVD-2026-8824

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'registermember' function. This makes it possible for unauthenticated attackers to log in a newly registered user ...

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...