46 matches found
CVE-2026-41302
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
EUVD-2026-24012
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41302
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
CVE-2026-41297
OpenClaw Open Source project is affected by a server-side request forgery (SSRF) in the marketplace plugin download flow. The marketplace.ts module fails to restrict redirect destinations during archive downloads, allowing an attacker to cause steering of requests to arbitrary internal or externa...
CVE-2026-41297 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...
EUVD-2026-24002
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...
CVE-2026-41297 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...
PT-2026-33869
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
PT-2026-33864
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...
CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...
WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WCFM Marketplace versions = 3.7.1...
WordPress plugin WCFM Marketplace 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...
GHSA-VJX8-8P7H-82GR OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
Summary Marketplace Plugin Download Follows Redirects Without SSRF Protection Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still uses bare redirect-following fetch in src/plugins/marketplace.ts for marketplace archives, and fixed-on-main only doe...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in the marketplace plugin. An attacker can access internal network resources or sensitive information by supplying crafted URLs that...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the Marketplace Plugin Download process. An attacker can access internal network resources or sensitive endpoints by supplying...
GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...
OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery
Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...
EUVD-2026-14012
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...