WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...

CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

CVE-2026-48837

CVE-2026-48837: SQL Injection in WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

PT-2026-43150

Name of the Vulnerable Software and Affected Versions Unlimited Elements For Elementor versions prior to 2.0.9 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return...

WordPress plugin Unlimited Elements For Elementor SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

CVE-2026-7641 Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the saveextrauserprofilefields function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site e.g...

CVE-2026-39469

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through = 2.0.8...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-39321 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...

EUVD-2026-19295

Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...

CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...

CVE-2026-25013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

EUVD-2026-15615

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

CVE-2026-32505

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through = 2.0.8...

CVE-2026-32505 WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through = 2.0.8...

CVE-2026-25013

CVE-2026-25013 concerns Phox Hosting (Phox - Hosting WordPress & WHMCS Theme) phox-host. A Reflected XSS vulnerability arises from improper neutralization of input during web page generation, with exploitation possible in the affected Phox Hosting: from n/a through &lt;= 2.0.8. The CVE entry is a...

CVE-2026-25013 WordPress Phox Hosting plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

CVE-2026-25013 WordPress Phox Hosting plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

PT-2026-21084

Name of the Vulnerable Software and Affected Versions Shiprocket versions n/a through 2.0.8 Description An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. Recommendations Update Shiprocket to a versi...