WordPress MimeTypes Link Icons plugin <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability

Authenticated Contributor+ Server-Side Request Forgery via Crafted Links in Post Content vulnerability discovered by Kai Aizen in WordPress Plugin MimeTypes Link Icons versions = 3.2.20...

CVE-2026-1313 MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-1313 MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-1321

The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...

WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability

WordPress Membership plugin - Restrict Content plugin = 3.2.20 - Unauthenticated Privilege Escalation via 'rcplevel' vulnerability discovered by shark3y in WordPress Plugin Restrict Content versions = 3.2.20...

CVE-2026-24957

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

EUVD-2026-5221

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

PT-2026-6224

Name of the Vulnerable Software and Affected Versions WP Chill Strong Testimonials versions through 3.2.20 Description A missing authorization issue exists in WP Chill Strong Testimonials, allowing exploitation of incorrectly configured access control security levels. Recommendations Update WP...

WordPress plugin Strong Testimonials 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-58957

Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through = 3.2.20...

CVE-2025-58957 WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through = 3.2.20...

CVE-2025-58957 WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through = 3.2.20...

CVE-2025-58957

Technical details about CVE-2025-58957 are not provided in the connected documents. The description mentions a Missing Authorization issue in VPSUForm

WordPress plugin VPSUForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

BIT-DJANGO-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

PYSEC-2023-100

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

DEBIAN-CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than...