18 matches found
CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through = 1.3.9...
CVE-2026-32486
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through = 1.3.9...
CVE-2026-32341
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through = 1.3.9...
EUVD-2026-10278
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...
CVE-2026-3748 Bytedesk SVG File UploadRestController.java uploadFile unrestricted upload
A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...
CVE-2026-28104
Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through = 1.3.9...
CVE-2025-69186
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...
CVE-2025-68057
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...
CVE-2025-69186 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...
WordPress Hospital Doctor Directory plugin <= 1.3.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Hospital Doctor Directory versions = 1.3.9...
EUVD-2025-26491
Malicious code in bioql PyPI...
WordPress ApplicantPro Plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin ApplicantPro versions = 1.3.9...
WordPress Elementor Button Plus plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Elementor Button Plus versions = 1.3.9...
WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor versions = 1.3.9...
WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow versions = 1.3.9...
WordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Integrate Google Drive versions = 1.3.9...
WordPress Attesa Extra plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin Attesa Extra versions = 1.3.9...
CVE-2023-25453
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Ian Sadovy WordPress Tables plugin = 1.3.9 versions...