CVE-2026-5767

The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slideShowProSC shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-39664

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through = 1.0.2...

WordPress plugin UnitechPay 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin leadlovers forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...

EUVD-2026-7457

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horillagenerics/globalsearch.py of the component Query Parameter Handler. The manipulation of the argument prevurl results in open redirect. The attack can be executed remotely...

WordPress Slidorion plugin <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Slidorion Settings vulnerability discovered by san6051 - PWC in WordPress Plugin Slidorion versions = 1.0.2...

WordPress A-Mart theme <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme A-Mart versions = 1.0.2...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005350)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005350 advisory. Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer...

CVE-2025-66136

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through = 1.0.2...

PT-2025-53870

Name of the Vulnerable Software and Affected Versions WeDesignTech Portfolio versions through 1.0.2 Description An authorization issue exists in WeDesignTech Portfolio, allowing exploitation of incorrectly configured access control security levels. Recommendations Update WeDesignTech Portfolio to...

CVE-2025-68525

CVE-2025-68525 targets the WordPress Category Icon plugin (versions up to and including 1.0.2). The root cause is improper input neutralization during web-page generation, leading to Stored Cross-Site Scripting (XSS). Affected product/component: WordPress Category Icon category-icon feature; impa...

WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WH Tweaks versions = 1.0.2...

@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +445 more potentially affected by unknown CVE via shell-exec (>=1.0.2 <=1.1.2)

shell-exec NPM version =1.0.2, =1.16.6, =1.0.0, =1.16.6, =1.0.0, =0.3.35, =1.5.0, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =2.0.0-0, =2.0.0-0, =1.0.16, =1.0.0, =1.2.1, =1.3.16 and more Source cves: unknown CVE Source advisory: SNYK:JS-SHELLEXEC-14103722...

WordPress Responsive iframe GoogleMap plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Responsive iframe GoogleMap versions = 1.0.2...

CVE-2025-61688

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API...

EUVD-2025-25366

Malicious code in bioql PyPI...

WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin User Notes versions = 1.0.2...

CVE-2025-58969

Missing Authorization vulnerability in Greg Winiarski Custom Login URL custom-login-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login URL: from n/a through = 1.0.2...

WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Custom Login URL versions = 1.0.2...