
186 matches found

Nuclei
added yesterday, 6 views

WP Hotel Booking <= 2.0.7 - SQL Injection

WP Hotel Booking WordPress plugin before 2.0.8 contains a SQL injection caused by lack of authorization, CSRF checks, and input escaping in a function hooked to admin_init, letting unauthenticated users perform SQL injections, exploit requires no authentication. id: CVE-2023-5652 info: name: WP...

9.8 CVSS, 7.4 AI score, 0.66577 EPSS
Exploits 2, References 2
Cvelist
added 2026/05/27 4:28 a.m., 26 views

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3 CVSS, 0.00014 EPSS
Exploits 0, References 5
Patchstack
added 2026/05/26 4:1 p.m., 6 views

WordPress CM Ad Changer – A simple tool to control and optimize your site's banners plugin <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion vulnerability

Cross-Site Request Forgery to Campaign Deletion vulnerability discovered by jamaal in WordPress Plugin CM Ad Changer versions <= 2.0.7...

4.3 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 1, Affected Software 1
AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Previously, urllib3 would not remove the HTTP request body when an HTTP redirect response was received using status 301, 302, or 303 after the request’s method changed from one that could accept a request body such as POST to GET, as...

4.2 CVSS, 6.5 AI score, 0.00056 EPSS
Exploits 0, References 2
Patchstack
added 2026/05/13 2:22 p.m., 5 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.7 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Nguyen Truong Roll in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 2.0.7...

6.5 CVSS, 5.9 AI score, 0.00048 EPSS
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2026/04/10 7:23 p.m., 1 views

CVE-2026-39561

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.7...

5.3 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:7 p.m., 1 views

CVE-2026-4120

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

6.4 CVSS, 6.1 AI score, 0.00063 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/13 12:0 a.m., 2 views

WordPress plugin Medilink-Core security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

7.5 CVSS, 5.8 AI score, 0.0017 EPSS
Exploits 0, References 1
OSV
added 2026/03/09 9:30 a.m., 0 views

GHSA-6W48-2G9J-V9Q5 Apache IoTDB has an Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8 CVSS, 5.7 AI score, 0.0004 EPSS
Exploits 0, References 9
Snyk
added 2026/03/09 9:30 a.m., 2 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via JEXL dependency. An attacker can execute arbitrary commands, access sensitive data, or disrupt service by submittin...

9.8 CVSS, 6 AI score, 0.0004 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/03/09 9:30 a.m., 3 views

Apache IoTDB has an Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits 0, References 9, Affected Software 1
Snyk
added 2026/03/09 9:30 a.m., 3 views

Binding to an Unrestricted IP Address

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address in the default configuratio...

9.8 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits 0, References 2
NVD
added 2026/03/09 9:16 a.m., 5 views

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8 CVSS, 0.00025 EPSS
Exploits 0, References 2
Cvelist
added 2026/03/09 8:59 a.m., 22 views

CVE-2026-24713 Apache IoTDB: JEXL Expression Injection Vulnerability

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

0.0004 EPSS
Exploits 0, References 1
EUVD
added 2026/02/26 7:54 p.m., 4 views

EUVD-2026-8788

dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set and transform...

6.3 CVSS, 7.2 AI score, 0.00165 EPSS
Exploits 2, References 4
OSV
added 2026/02/26 12:19 a.m., 3 views

CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

6.3 CVSS, 5.5 AI score, 0.00165 EPSS
Exploits 2, References 5
ATTACKERKB
added 2026/02/21 9:27 a.m., 6 views

CVE-2025-14339

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the Forms::permission callback only validating the X-WP-Nonce...

6.5 CVSS, 5.5 AI score, 0.00124 EPSS
Exploits 0, References 6
Cvelist
added 2026/02/20 3:46 p.m., 17 views

CVE-2025-67998 WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse. This issue affects Miraculous Elementor: from n/a through <= 2.0.7...

8.8 CVSS, 0.00099 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/20 12:0 a.m., 3 views

PT-2026-21066

Name of the Vulnerable Software and Affected Versions Miraculous Elementor versions through 2.0.7 Description An authentication bypass issue exists in Miraculous Elementor, potentially allowing authentication abuse through an alternate path or channel. Recommendations Update Miraculous Elementor ...

5.4 AI score, 0.00099 EPSS
Exploits 0, References 3
NVD
added 2026/02/19 9:18 p.m., 3 views

CVE-2026-27328

Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7...

5.3 CVSS, 0.00042 EPSS
Exploits 0, References 1