6 matches found
CVE-2026-4758
The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2026-22490 WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through = 2.4.9...
PT-2025-48681
Name of the Vulnerable Software and Affected Versions Argus Technology Inc. BILGER versions prior to 2.4.9 Description A flaw exists in Argus Technology Inc. BILGER that allows for the insertion of sensitive information into sent data through the manipulation of message identifiers. The issue...
PT-2025-35344
Name of the Vulnerable Software and Affected Versions: Ocean Extra plugin for WordPress versions through 2.4.9 Description: The Ocean Extra plugin for WordPress is susceptible to Stored Cross-Site Scripting via the oceanwp library shortcode due to insufficient input sanitization and output escapi...
WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation versions = 2.4.9...
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...