
16 matches found

Positive Technologies
added 2026/02/19 12:0 a.m. · 3 views

PT-2026-20743

Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery. This issue affects Popularis Extra: from n/a through = 1.2.10...

5.5 AI score · 0.0002 EPSS
Exploits 0 · References 1
CVE
added 2026/02/09 10:18 p.m. · 16 views

CVE-2026-25938

CVE-2026-25938 affects FUXA (web-based Process Visualization) versions 1.2.8–1.2.10. A vulnerability in the Node-RED plugin allows an unauthenticated attacker to bypass authentication and execute arbitrary code on the server. The issue has been fixed in version 1.2.11. The CVSS v4.0 base score is...

9.8 CVSS · 6.2 AI score · 0.00145 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2026/02/09 10:18 p.m. · 2 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5 CVSS · 6.2 AI score · 0.00145 EPSS
Exploits 0 · References 3
OSV
added 2026/02/09 10:18 p.m. · 2 views

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

9.5 CVSS · 6.2 AI score · 0.00145 EPSS
Exploits 0 · References 5
vulnersOsv
added 2026/02/09 2:57 p.m. · 0 views

repository-manager (>=1.2.10 <=1.2.15) potentially affected by CVE-2026-25904 via mcp-run-python (=0.0.22)

mcp-run-python PyPI version =0.0.22 is affected by a known vulnerability. The following packages have a transitive dependency on mcp-run-python and may be impacted: repository-manager >=1.2.10, <=1.2.15. Source CVEs: CVE-2026-25904. Source advisory: SNYK:PYTHON-MCPRUNPYTHON-15250607...

5.8 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0
vulnersOsv
added 2026/02/09 9:54 a.m. · 0 views

repository-manager (>=1.2.10 <=1.2.15) potentially affected by CVE-2026-25905 via mcp-run-python (=0.0.22)

mcp-run-python PyPI version =0.0.22 is affected by a known vulnerability. The following packages have a transitive dependency on mcp-run-python and may be impacted: repository-manager >=1.2.10, <=1.2.15. Source CVEs: CVE-2026-25905. Source advisory: SNYK:PYTHON-MCPRUNPYTHON-15250553...

5.8 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0
Patchstack
added 2026/01/15 12:6 p.m. · 2 views

WordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Shown Connector versions <= 1.2.10...

6.5 CVSS · 7 AI score · 0.00073 EPSS
Exploits 0 · Affected Software 1
NVD
added 2025/11/07 4:15 a.m. · 3 views

CVE-2025-5483

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

8.1 CVSS · 0.00116 EPSS
Exploits 0 · References 2
CVE
added 2025/11/07 3:27 a.m. · 40 views

CVE-2025-5483

The WordPress plugin affected is the LC Wizard (WordPress LC Wizard plugin). The root cause is a missing capability check in ghl-wizard/inc/wp_user.php, affecting versions 1.2.10 to 1.3.0. The vulnerability allows unauthenticated attackers to create new user accounts with Administrator privileges...

8.1 CVSS · 5.5 AI score · 0.00116 EPSS
Exploits 0 · References 2
Patchstack
added 2025/11/07 1:6 a.m. · 4 views

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin LC Wizard versions 1.2.10-1.3.0...

8.1 CVSS · 6.7 AI score · 0.00116 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/09/26 10:3 a.m. · 4 views

WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Conditional Cart Messages for WooCommerce – YourPlugins.com versions <= 1.2.10...

7.1 CVSS · 6.6 AI score · 0.00017 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/09/24 12:0 a.m. · 2 views

PT-2025-39332

Name of the Vulnerable Software and Affected Versions: magix-combine-ex versions through 1.2.10. Description: A Prototype Pollution issue exists in the util-deps.addFileDepend function. This allows attackers to inject properties onto Object.prototype by providing a crafted payload, potentially leadi...

9.8 CVSS · 6.5 AI score · 0.00153 EPSS
Exploits 0 · References 6
Cvelist
added 2025/08/28 5:31 p.m. · 5 views

CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

9.9 CVSS · 0.0013 EPSS
Exploits 0 · References 3
Patchstack
added 2025/02/21 12:0 a.m. · 1 views

WordPress 17TRACK for WooCommerce Plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin 17TRACK for WooCommerce versions <= 1.2.10...

7.1 CVSS · 6.1 AI score · 0.00669 EPSS
Exploits 0 · Affected Software 1
ATTACKERKB
added 2024/11/01 3:15 p.m. · 0 views

CVE-2024-43157

Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FormCraft: from n/a through 1.2.10...

4.3 CVSS · 5.1 AI score · 0.00338 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/03/30 12:0 a.m. · 3 views

PT-2023-19114 · WordPress · Team Heateor Fancy Comments

Name of the Vulnerable Software and Affected Versions: Team Heateor Fancy Comments WordPress plugin versions 1.2.10 and earlier. Description: The issue is related to an Authenticated Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can injec...

6.5 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits 0 · References 4