319 matches found
CVE-2026-3892
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
CVE-2026-3892
The Motors – Car Dealership & Classified Listings Plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to 1.4.107 due to insufficient file path validation in the become-dealer logo upload flow. An authenticated user with subscriber+ access can set an arbitrary filesyst...
CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
CVE-2026-42562 Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...
CVE-2026-42562 Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...
CVE-2026-42562
Plainpad (self-hosted note-taking app) is affected prior to version 1.1.1. A low-privilege, authenticated user can escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}; the endpoint stores the admin attribute from user input, allowing immediate access to admin-only rou...
CVE-2026-7457
The CVE-2026-7457 entry concerns the WordPress LatePoint plugin (versions up to 5.5.0). The root cause is insufficient input sanitization on the customer cabinet profile update endpoint: raw POST fields (first_name, last_name, phone, notes) bypass sanitization because OsCustomerModel does not ove...
CVE-2026-7457 LatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
CVE-2026-7457 LatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
PT-2026-37353
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters first name, last name, phone, notes bypass...
CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...
EUVD-2026-26740
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...
CVE-2026-7641
The WordPress plugin Import and export users and customers (versions ≤ 2.0.8) is vulnerable to Privilege Escalation. The root cause is an incomplete blocklist for multisite capability meta keys: primary-site keys (e.g., wp_capabilities, wp_user_level) are blocked, but multisite keys (e.g., wp_2_c...
CVE-2026-7106
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...
CVE-2026-7106
The vulnerability CVE-2026-7106 affects the Highland Software Custom Role Manager plugin for WordPress (versions up to and including 1.0.0). The root cause is insufficient authorization checks in the hscrm_save_user_roles() function, hooked to the personal_options_update action. This action is ac...
Camaleon CMS 2.9.1 Automated Admin Login, Version Detection, and Profile Update Script
This is a version detection and profile updating script for Camaleon CMS. It does not exploit any issue but can be useful for security testing to see if a vulnerable version is in use...
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465
Summary (technical): The Amelia Booking for Appointments and Events Calendar WordPress plugin (versions ≤ 2.1.3) is affected by an Insecure Direct Object Reference (IDOR) in the UpdateProviderCommandHandler. The handler does not validate ownership when a Provider (Employee) user updates their pro...
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...