23 matches found
CVE-2026-57031
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57328
CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions
CVE-2026-57646
CVE-2026-57646 affects the WordPress Majestic Support plugin (versions
CVE-2026-56064
CVE-2026-56064 describes a Subscriber SQL Injection in the WordPress Tourfic plugin versions ≤ 2.22.5. The connected sources confirm the vulnerability type and affected product; no concrete exploit path, mitigation, or fixed version is provided in the supplied documents. CVSSv3.1 metrics show a b...
CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...
CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...
CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
CVE-2025-60223
CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions
EUVD-2026-37061
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...
CVE-2026-48964 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-40794
The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...
CVE-2026-40788
CVE-2026-40788 affects WordPress ChatBot plugin versions
CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability
Subscriber Broken Access Control in ChatBot = 7.9.7 versions...
CVE-2026-33904 Ella Core has a Denial of Service via SCTP connection cleanup deadlock
Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...
CVE-2025-13110 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woofaddsubscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...
CVE-2023-0336
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload vulnerability
WordPress Order Attachments for WooCommerce plugin 2.0 - 2.4.1 - Missing Authorization to Authenticated Subscriber+ Limited Arbitrary File Upload vulnerability discovered by luckynoob in WordPress Plugin Order Attachments for WooCommerce versions 2.0 - 2.4.1...
VulnCheck KEV: CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth...