PT-2026-42033

Impact This is a significant Denial of Service DoS vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeate...

WordPress plugin Conditional Fields for Contact Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-15453

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

CVE-2025-64382

Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through = 2.6.7...

EUVD-2025-163766

Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through = 2.6.7...

CVE-2025-64382

CVE-2025-64382 affects the WordPress plugin Order Export & Order Import for WooCommerce (versions through 2.6.7). The issue is Missing Authorization/Broken Access Control due to incorrectly configured access control security levels, enabling unauthorized access to the plugin’s order-export/import...

WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.7...

EUVD-2023-50330

Malicious code in bioql PyPI...

EUVD-2023-39081

Malicious code in bioql PyPI...

CVE-2025-54041 WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7...

CVE-2023-46069

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Osmansorkar Ajax Archive Calendar plugin = 2.6.7 versions...

CVE-2025-30837

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through = 2.6.7...

CVE-2025-30837 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through = 2.6.7...

CVE-2025-31590

CVE-2025-31590 is a Stored XSS affecting the WordPress plugin WP Date and Time Shortcode . The vulnerability arises from improper neutralization of input during web page generation, allowing stored cross-site scripting via authenticated access. Affected versions are listed as from n/a up to 2.6.7...

CVE-2025-31590 WordPress WP Date and Time Shortcode plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Denra.com WP Date and Time Shortcode wp-date-and-time-shortcode allows Stored XSS.This issue affects WP Date and Time Shortcode: from n/a through = 2.6.7...

WordPress plugin Kraken.io Image Optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin WP JobSearch 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress WP JobSearch plugin <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin JobSearch versions = 2.6.7...

WordPress WP JobSearch plugin <= 2.6.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin JobSearch versions = 2.6.7...

WordPress JobSearch Plugin <= 2.6.7 is vulnerable to Arbitrary File Upload

Software JobSearch Type Plugin Vulnerable versions = 2.6.7 Fixed in 2.6.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8614 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID d16b486be3a5 Credits Tonn Required privilege Subscriber Published 5...