📄 WordPress EventPrime 4.2.8.1 Arbitrary File Upload

WordPress EventPrime plugin versions 4.2.8.1 and below suffer from an unauthenticated arbitrary file upload vulnerability. CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventPrime Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

PT-2026-30315

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload files capability in the process pattern REST API...

CVE-2026-2633

Summary (CVE-2026-2633) The Gutenberg Blocks with AI by Kadence WP plugin for WordPress (Kadence Blocks) is affected up to version 3.6.1. The vulnerability arises from a missing capability check in the AJAX handler kadence_import_process_image_data, where authorization relies only on edit_posts a...

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media library file upload feature. An attacker can distribute malicious content by uploading...

Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG

The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads As an author or above, upload the below SVG file via the Media library: alert/XSS/; The XSS will be triggered when accessing the file directly, e...