839 matches found
CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
CVE-2026-7526
The CVE-2026-7526 entry concerns the WordPress PDF Embedder plugin (versions up to and including 4.9.3). The vulnerability is a Sensitive Information Exposure via enqueue_block_assets, allowing authenticated attackers with contributor-level access and above to extract configuration data. License ...
CVE-2026-7526
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
PT-2026-44218
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
EUVD-2026-32060
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-8938
The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions
CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...
PT-2026-43534
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...
Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
MAL-2026-4579 Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631
The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...
CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
EUVD-2026-30735
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
PT-2026-41635
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
MINI-J3W9-VJGC-V5RF
Bulletin has no description...