205 matches found
Gravity SMTP WordPress Plugin - Sensitive Information Exposure
Gravity SMTP WordPress plugin <= 2.1.4 contains a sensitive information exposure caused by an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data, letting unauthenticated attackers retrieve detailed system configuration data; exploitation requires no authentication. id:...
EUVD-2026-25814
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation. This issue affects Directorist Social Login: from n/a before 2.1.4...
CVE-2026-22337
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation. This issue affects Directorist Social Login: from n/a before 2.1.4...
WordPress plugin Directorist Social Login security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions <= 2.1.4...
CVE-2026-4020 Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any...
CVE-2026-23877
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's list_folders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877
Swing Music (self-hosted) exposes a directory traversal flaw in the /folder/dir-browser/list_folders pathway. The github-advisory and CVE notes show that the list_folders() function accepts crafted paths and lacks proper authorization, allowing any authenticated user, including non-admins, to bro...
PT-2026-3505
Name of the Vulnerable Software and Affected Versions Swing Music versions prior to 2.1.4 Description Swing Music is a self-hosted music player for local audio files. The list folders function within the /folder/dir-browser API endpoint is susceptible to directory traversal attacks. Authenticated...
CVE-2025-13504
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS. This issue affects Real Estate Pro: from n/a through <= 2.1.4...
CVE-2023-25958
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions...
CVE-2024-34442
Missing Authorization vulnerability in weDevs weDocs. This issue affects weDocs: from n/a through 2.1.4...
CVE-2025-13504
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS. This issue affects Real Estate Pro: from n/a through <= 2.1.4...
CVE-2025-13504 WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS. This issue affects Real Estate Pro: from n/a through <= 2.1.4...
PT-2026-1704
Name of the Vulnerable Software and Affected Versions e-plugins Real Estate Pro versions through 2.1.4 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting issue. This allows for the execution of...
CVE-2025-67474
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ForumWP: from n/a through <= 2.1.4...
EUVD-2025-202130
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ForumWP: from n/a through <= 2.1.4...
CVE-2025-67474
CVE-2025-67474 is a Missing Authorization / Broken Access Control vulnerability in the WordPress ForumWP plugin (versions up to and including 2.1.4). The Red Hat, NVD/NVD-derived, CVE lists and PatchStack entry confirm that ForumWP 2.1.4). The vulnerability is described as an authorization/config...
EUVD-2025-198439
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion. This issue affects Easy Invoice: from n/a through <= 2.1.4...
CVE-2025-66115 WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion. This issue affects Easy Invoice: from n/a through <= 2.1.4...