CVE-2026-25444

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

Linux Distros Unpatched Vulnerability : CVE-2026-48696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. CVE-2026-48696 Note that...

CVE-2026-25444

CVE-2026-25444 concerns the WordPress plugin WordPress WpBookingly (Magepeople Inc.), affected versions:

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-32374

The CVE-2026-32374 entry concerns the WordPress theme The Minimal (the_minimal) up to version 1.2.9, with a Missing Authorization vulnerability that allows exploitation due to incorrectly configured access control security levels. The flaw affects The Minimal: from n/a through

CVE-2026-2965 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting

A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...

WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Registration & Login with Mobile Phone Number for WooCommerce versions = 1.3.1...

CVE-2025-60091 WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through = 1.2.9...

CVE-2025-62024 WordPress Pie Calendar plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through = 1.2.9...

CVE-2025-58198

Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through = 1.2.9...

CVE-2025-48308 WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in nonletter Newsletter subscription optin module newsletter-subscription-widget-for-sendblaster allows Stored XSS.This issue affects Newsletter subscription optin module: from n/a through = 1.2.9...

WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Xpro Theme Builder versions = 1.2.9...

CVE-2023-33313

Cross-Site Request Forgery CSRF vulnerability in ThemeinProgress WIP Custom Login plugin = 1.2.9 versions...

WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Subscribe to Download Lite versions = 1.2.9...

CVE-2023-34375

Unauth. Reflected Cross-Site Scripting XSS vulnerability in 10Web SEO by 10Web plugin = 1.2.9 versions...