CVE-2026-47784 affecting package memcached for versions less than 1.6.27-5

CVE-2026-47784 affecting package memcached for versions less than 1.6.27-5. A patched version of the package is available...

WordPress MapGeo – Interactive Geo Maps plugin <= 1.6.27 - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting vulnerability

Interactive Geo Maps plugin = 1.6.27 - Interactive Geo Maps = 1.6.27 - Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Interactive Geo Maps versions = 1.6.27...

EUVD-2025-209837

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-15345 MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-15345 MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-29828

DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...

CVE-2026-29828

DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...

CVE-2026-29828

DooTask v1.6.27 has a Cross-Site Scripting XSS vulnerability in the /manage/project/ page via the input field projectDesc...

DooTask 安全漏洞

DooTask is a task management tool developed by Kuaifan’s individual developers. Version 1.6.27 of DooTask contains a security vulnerability. This vulnerability stems from improper handling of the projectDesc input field in the /manage/project/ page, which may lead to cross-site scripting attacks...

CVE-2026-3013 Path Traversal in Coppermine Photo Gallery

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in versi...

CVE-2026-3013

CVE-2026-3013 affects Coppermine Photo Gallery versions 1.6.09–1.6.27. A path traversal flaw on a vulnerable endpoint allows an unauthenticated attacker to read arbitrary files accessible by the web server process. The underlying issue is a directory/file path handling weakness that exposes sensi...

WordPress weForms plugin <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability discovered by Muhammad Sharief in WordPress Plugin weForms versions = 1.6.27...

CVE-2026-2707

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...

EUVD-2026-11100

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...

Coppermine Photo Gallery（CPG） 路径遍历漏洞

Coppermine Photo Gallery CPG is a web-based album management system developed by the Coppermine team using PHP. This system offers features such as user management, password-based access to albums, and automatic thumbnail generation. Versions of Coppermine Photo Gallery prior to 1.6.27 had a path...

WordPress plugin weForms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-1296

Name of the Vulnerable Software and Affected Versions SaasProject Booking Package versions through 1.6.27 Description An issue exists in SaasProject Booking Package related to improper validation of specified quantity in input, potentially allowing access to functionality not properly constrained...

WordPress plugin Booking Package 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2024-3609

The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...

WordPress ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin <= 1.6.27 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin ReviewX versions = 1.6.27...