CVE-2026-39607

Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through = 1.1.17...

CVE-2026-39607

Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through = 1.1.17...

CVE-2026-39607

Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through = 1.1.17...

CVE-2026-39607 WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through = 1.1.17...

CVE-2026-39607

CVE-2026-39607 relates to the WordPress Filter Plus plugin (versions up to 1.1.17) and represents a Missing Authorization vulnerability due to incorrectly configured access control security levels. Multiple connected sources indicate a broken access control vulnerability that could enable unautho...

WordPress plugin Filter Plus 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-68023

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

WordPress plugin Addonify – Compare Products For WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

GHSA-9VPH-2HVM-X66G Cube Core is vulnerable to Denial of Service (DoS) via crafted request

Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...

CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

WordPress Custom Made Theme <= 1.1.17 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Custom Made versions = 1.1.17...

CVE-2024-27989

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through...

CVE-2025-39548

Cross-Site Request Forgery CSRF vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through = 1.1.17...

CVE-2025-39548 WordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in A WP Life Right Click Disable OR Ban right-click-disable-or-ban allows Stored XSS.This issue affects Right Click Disable OR Ban: from n/a through = 1.1.17...

CVE-2025-39548

CVE-2025-39548 corresponds to a CSRF-to-Stored XSS vulnerability in the WordPress plugin Right Click Disable OR Ban (versions up to and including 1.1.17). The connected sources confirm the vulnerability can be triggered via CSRF and leads to stored XSS, affecting the plugin’s behavior. A fix is a...

CVE-2024-30497

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17...

PT-2024-23423 · WordPress · Wp Responsive Tabs Horizontal Vertical/Accordion Tabs

Name of the Vulnerable Software and Affected Versions: WP Responsive Tabs horizontal vertical and accordion Tabs versions 1.1.17 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows f...

WordPress Travelpayouts Plugin <= 1.1.16 is vulnerable to Open Redirection

Software Travelpayouts Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-0337 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 22ec7383525a Credits Krzysztof Zając CERT PL Required privilege...

CVE-2023-49152

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labs64 Credit Tracker allows Stored XSS.This issue affects Credit Tracker: from n/a through 1.1.17...