CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

PT-2026-21839

Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.1.3-stable FileBrowser Quantum versions prior to 1.2.6-beta Description FileBrowser Quantum is a self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, a flaw existed where...

CVE-2025-68882

Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through = 1.1.3...

WordPress plugin Felan Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Felan Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-62147 WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through = 1.1.3...

CVE-2025-62021

Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through = 1.1.3...

WordPress plugin Simple Youtube Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site scripti...

PT-2025-39575

Name of the Vulnerable Software and Affected Versions WP Delicious Delisho versions through 1.1.3 Description An authorization issue exists in WP Delicious Delisho, allowing exploitation of incorrectly configured access control security levels. Recommendations Update WP Delicious Delisho to a...

CVE-2025-57905

Cross-Site Request Forgery CSRF vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce agreeme-checkboxes-for-woocommerce allows Cross Site Request Forgery.This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through = 1.1.3...

WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin Simple Login Log versions = 1.1.3...

WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rau má đậu xanh in WordPress Theme Sala versions = 1.1.3...

CVE-2010-0345

Cross-site scripting XSS vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PT-2025-5431 · Bplugins · Bplugins All Embed – Elementor Addons

Name of the Vulnerable Software and Affected Versions: bPlugins All Embed – Elementor Addons versions 1.1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means an attacker can...

PT-2025-5462 · WordPress · Orbisius Simple Notice

Name of the Vulnerable Software and Affected Versions: Orbisius Simple Notice versions 1.1.3 and earlier Description: The issue affects the Orbisius Simple Notice plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting...

PT-2024-12673 · Miniorange · Miniorange Yourmembership Single Sign On

Name of the Vulnerable Software and Affected Versions: miniOrange YourMembership Single Sign On versions 1.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...

WordPress plugin Addressbook 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

PT-2024-34833 · Unknown · Huly Platform

Name of the Vulnerable Software and Affected Versions: Platform.Ly Official versions 1.1.3 and earlier Description: A Cross-Site Request Forgery CSRF issue allows Stored Cross Site Scripting XSS in the affected software. This means an attacker could potentially trick a user into performing...

WordPress theme Financio 跨站请求伪造漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Financio version 1.1.3 and earlier...