CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...

CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

CVE-2019-25314

The CVE describes a persistent cross-site scripting (XSS) flaw in the Duplicate-Post WordPress Plugin version 3.2.3, affecting plugin settings parameters. An attacker can inject JavaScript into fields such as title prefix, suffix, menu order, and blacklist, causing code execution in admin interfa...

CVE-2026-1786

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

PT-2026-7608

Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

CVE-2026-2079

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079 yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079 yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

EUVD-2026-5734

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

CVE-2026-2079

The CVE-2026-2079 entries identify yeqifu warehouse as affected, specifically the Menu Management component. Affected code paths are the functions addMenu, updateMenu, and deleteMenu in MenuController.java under dataset/repos/warehouse/src/main/java/com/yeqifu/sys/controller, where a manipulation...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from improper authorization in menu management...

PT-2026-6897

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A flaw exists that can lead to improper authorization. The issue affects the addMenu, updateMenu, and deleteMenu functions within the MenuController.java file located in the...

CVE-2026-0867 Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...

PT-2026-6024

Name of the Vulnerable Software and Affected Versions Essential Widgets plugin for WordPress versions up to and including 3.0 Description The Essential Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

openSUSE 16 : Recommended update for gimp (SUSE-SU-openSUSE-RU-2026:20168-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-openSUSE-RU-2026:20168-1 advisory. Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was...