CVE-2026-43892

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

CVE-2026-43892 AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

EUVD-2026-29721

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...

CVE-2025-68911

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through = 2.1.16...

CVE-2025-13921

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocsuserdocumentationhandlingcapabilities' function in all versions up to, and including, 2.1.1...

CVE-2025-13921

CVE-2025-13921 (weDocs for WordPress) : Wordfence and related feeds confirm that weDocs versions up to 2.1.16 expose an unauthenticated ability to modify or lose documentation data due to a missing capability check in wedocs_user_documentation_handling_capabilities. An authenticated attacker with...

WordPress weDocs plugin <= 2.1.16 - Missing Authorization to Authenticated (Subscriber+) Documentation Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Documentation Post Update vulnerability discovered by blue0x1 in WordPress Plugin weDocs versions = 2.1.16...

CVE-2025-68911

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through = 2.1.16...

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

WordPress Solace theme <= 2.1.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Solace versions = 2.1.16...

PT-2026-1746

Name of the Vulnerable Software and Affected Versions weDocs plugin for WordPress versions prior to 2.1.16 Description The weDocs plugin for WordPress is susceptible to sensitive information disclosure. Unauthenticated attackers can extract sensitive data, including API keys for third-party...

EUVD-2025-28117

Malicious code in bioql PyPI...

CVE-2025-9849

The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Html Social share buttons plugin <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Html Social share buttons versions = 2.1.16...

GHSA-8J7C-682X-R9F2 Magento RCE,XSS and other vulnerabilities

Magento Commerce and Open Source 2.3.0, 2.2.7 and 2.1.16 contain multiple security enhancements that help close Remote Code Execution RCE, Cross-Site Scripting XSS and other vulnerabilities...

ASUS DSL-N10S Cross-Site Request Forgery Vulnerability

ASUS DSL-N10S is a wireless router product from ASUS. A cross-site request forgery vulnerability exists in ASUS DSL-N10S version V2.1.16APAC. A remote attacker can exploit this vulnerability to perform unauthorized operations...

ASUS DSL-N10S Elevation of Privilege Vulnerability

ASUS DSL-N10S is a wireless router product from ASUS. A privilege extraction vulnerability exists in ASUS DSL-N10S version V2.1.16APAC. An attacker can exploit this vulnerability to gain privileges and perform administrative operations...

ASUS DSL-N10S Cross-Site Scripting Vulnerability

ASUS DSL-N10S is a wireless router product from ASUS. A cross-site scripting vulnerability exists in ASUS DSL-N10S version V2.1.16APAC. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...