25 matches found
CVE-2026-25026
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.11...
EUVD-2026-15623
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.11...
CVE-2026-25026
CVE-2026-25026 affects the WordPress Plugin Team (RadiusTheme Team tlp-team) with versions n/a through 5.0.11, described as a Missing Authorization / Broken Access Control vulnerability. The underlying issue is improper access-control configuration that could allow exploitation without privileges...
PT-2026-27887
Name of the Vulnerable Software and Affected Versions: RadiusTheme Team versions n/a through 5.0.11. Description: A missing authorization issue exists in RadiusTheme Team tlp-team. This allows exploitation of incorrectly configured access control security levels. Recommendations: Update RadiusTheme...
WordPress plugin Team security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000373)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000373 advisory. An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because the...
WordPress Team plugin < 5.0.11 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Alex Tselevich (nos3curity) in WordPress Plugin Team versions < 5.0.11...
CVE-2025-14124
CVE-2025-14124 affects WordPress Team Plugin versions prior to 5.0.11. An unauthenticated attacker can trigger a SQL injection via an AJAX action due to insufficient sanitization/escaping of a parameter used in a SQL statement. The associated exploit/example on GitHub demonstrates an unauthentica...
CVE-2025-14124 Team < 5.0.11 - Unauthenticated SQLi
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control
Software: Newsup; Type: Theme; Vulnerable versions: <= 5.0.10; Fixed in: 5.0.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-8682; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9037492b67e8; Credits: Dmitrii Ignatyev; Required privilege...
CVE-2024-47793
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user...
VulnCheck KEV: CVE-2024-8911
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2023-32065
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...
CVE-2023-32065 OroCommerce get-totals-for-checkout API endpoint returns unwanted data
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...
CVE-2023-32064 OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...
CVE-2023-45651
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery. This issue affects WP Attachments: from n/a through 5.0.11...
PT-2023-29627 · WordPress · Wp Attachments
Name of the Vulnerable Software and Affected Versions: WP Attachments versions 5.0.11 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized requests. This can lead to various security issues, as an attacker could potentially perform actions o...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter...