Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

CVE-2026-39617

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

EUVD-2026-20257

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39617

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39617

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39617

CVE-2026-39617 is a CSRF vulnerability in the WordPress Bluestreet theme (

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

PT-2026-31182

CVE-2026-39617 Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a thr… https://t.co/knb648iPTF...

EUVD-2025-208860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

CVE-2025-53222

CVE-2025-53222 affects tagDiv Opt-In Builder (td-subscription) and is a Reflected XSS in input that is generated into web pages. Affected versions are from unspecified starting point up to and including 1.7.3. The issue has a CVSS v3.1 base score of 7.1 ( HIGH ), with network attack vector, low t...

CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

WordPress plugin tagDiv Opt-In Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Albert Health 安全漏洞

Albert Health is a health management application developed by Albert Health Corporation. Versions of Albert Health prior to 1.7.3 contain security vulnerabilities. These vulnerabilities stem from improper handling of the resources/assets/service-account.json file associated with the Google Cloud...

CVE-2026-30942

A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/filename endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

EUVD-2026-10553

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

PT-2026-24251

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.3 Description Flare is a Next.js-based, self-hostable file sharing platform. A path traversal issue exists in the /api/avatars/filename endpoint, allowing authenticated users to read arbitrary files within the...