WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by bosz in WordPress Plugin GamiPress versions = 7.6.3...

PT-2026-43104

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

EUVD-2026-15748

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.3...

CVE-2026-25464

CVE-2026-25464 affects the WordPress plugin Jannah (Jannah – Newspaper Magazine News BuddyPress AMP). The Wordfence and NVD entries describe an "Imporper Control of Filename for Include/Require Statement" vulnerability that enables PHP Local File Inclusion via manipulated include/require targets....

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer MFT solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerabilty. By crafting a specific payload, a remote and...

EUVD-2023-50532

Malicious code in bioql PyPI...

Fortinet FortiWeb CLI 安全漏洞

Fortinet FortiWeb CLI is a command line interface from Fortinet, Inc. A security vulnerability exists in Fortinet FortiWeb CLI versions 7.6.0 through 7.6.3 and prior to 7.4.8, which originates from a stack buffer overflow and could lead to the execution of arbitrary code...

CVE-2024-52423

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Stored XSS.This issue affects Themify Builder: from n/a through = 7.6.5...

CVE-2024-56216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through = 7.6.3...

CVE-2024-35687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3...

CVE-2024-56216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through = 7.6.3...

CVE-2024-56216 WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3...

WordPress plugin Themify Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Themify Builder versions = 7.6.3...

CVE-2024-52423

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3...

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-46311

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.3 Fixed in 7.6.4 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-46311 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 05932cb617e2 Credits Revan Arifio Requir...

CVE-2023-3869

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...