8 matches found
CVE-2026-1801 Libsoup: libsoup: http request smuggling via malformed chunk headers
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required...
WordPress NP Quote Request for WooCommerce plugin <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Tim Coen in WordPress Plugin NP Quote Request for WooCommerce versions <= 1.9.179...
PT-2023-23634 · WordPress · Wp Mail Smtp Pro
Name of the Vulnerable Software and Affected Versions: WP Mail SMTP Pro plugin for WordPress versions up to, and including, 3.8.0. Description: The issue is related to a missing capability check on the is_print_page function, which allows unauthorized access to data. This makes it possible for...
Authorization
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812 Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure...
CVE-2023-0812
CVE-2023-0812 affects the WordPress plugin Active Directory Integration / LDAP Integration (pre-4.1.1). The issue is unauthenticated data disclosure due to improper authorization or nonce handling on certain POST requests. A fix exists in version 4.1.1; affected users should upgrade to 4.1.1 or l...
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC: The admin_init hook calls Mo_Ldap_Local_Login class login_widget_save_options...
CVE-2020-13772
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...