CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2026-4029

The Database Backup for WordPress plugin (WordPress) is affected by unauthorized database export in all versions up to 2.5.2 due to improper enforcement of the authorization check return value. This enables unauthenticated attackers to export database tables, causing Sensitive Information Exposur...

EUVD-2026-30272

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

PT-2026-40909

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

PT-2026-24585

🚨 CVE-2026-1867 The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting...

WordPress Relevanssi Premium plugin <= 2.25.0 - Missing Authorization to Unauthenticated Query Log Export vulnerability

Missing Authorization to Unauthenticated Query Log Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Relevanssi Premium versions = 2.25.0...

EUVD-2025-206597

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

CVE-2025-15510

CVE-2025-15510 affects NEX-Forms – Ultimate Forms Plugin for WordPress. The underlying issue is a missing capability check in the NF5_Export_Forms class constructor, allowing unauthenticated users to export form configurations by enumerating nex_forms_Id in all versions up to and including 9.1.8....

PT-2026-5500

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...

PT-2026-4750

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

CVE-2025-13493

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

WordPress plugin Contact Form vCard Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. PoC https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability

Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions = 6.1.5...