CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

WordPress plugin User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...

Exploit for CVE-2026-6145

CVE-2026-6145 — User Registration & Membership for WordPress:...

CVE-2026-6145

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

PT-2026-36994

Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.5 Description A missing capability check in the embed form action function allows authenticated attackers with Contributor-level access or higher to perform unauthorized...

CVE-2026-42652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through = 5.1.5...

DEBIAN-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

UBUNTU-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

CVE-2022-31202

The export function in SoftGuard Web SGW before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl...

EUVD-2021-21012

Malware in sbrugna...

EUVD-2017-9719

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-12379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in coninsertunipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an...

CVE-2024-54382

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5...

CVE-2024-54382

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through = 5.1.5...

CVE-2024-54382 WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through = 5.1.5...

WordPress plugin Bold Page Builder 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2024-33393 · Unknown · Daniele Alessandra Da Reactions

Name of the Vulnerable Software and Affected Versions: Daniele Alessandra Da Reactions versions through 5.1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...