
63 matches found

CNNVD
added 2026/03/21 12:00 a.m., 2 views

WordPress plugin Integration with Hubspot Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 3

Patchstack
added 2026/03/20 5:53 p.m., 4 views

WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by johska in WordPress Plugin Bit SMTP versions <= 1.2.2...

CVSS 9 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/03/20 1:31 p.m., 3 views

WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hivesec in WordPress Plugin Product Rearrange for WooCommerce versions <= 1.2.2...

CVSS 8.2 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | Affected Software: 1

NVD
added 2026/03/13 7:54 p.m., 0 views

CVE-2026-32381

Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Landing Page: from n/a through <= 1.2.2...

CVSS 5.3 | EPSS 0.00042
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m., 2 views

CVE-2026-32377

Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...

AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2

CVE
added 2026/03/13 11:42 a.m., 3 views

CVE-2026-32377

CVE-2026-32377 affects the WordPress Pranayama Yoga theme (pranayama-yoga) up to version 1.2.2. Root cause: missing Authorization / broken access control enabling exploitation of incorrectly configured access control security levels. Impact: potential unauthorized access or actions due to access-...

CVSS 5.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/13 12:00 a.m., 5 views

PT-2026-25226

Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2...

CVSS 5.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3

CNNVD
added 2026/03/13 12:00 a.m., 2 views

WordPress plugin App Landing Page security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

CVSS 5.3 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1

Cvelist
added 2026/03/12 4:45 p.m., 21 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for Python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the `parse_options_header()` function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipar...

CVSS 7.5 | EPSS 0.00859
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/12 4:45 p.m., 0 views

CVE-2026-28356

multipart is a fast multipart/form-data parser for Python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the `parse_options_header()` function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipar...

CVSS 7.5 | AI score 5.8 | EPSS 0.00859
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/12 12:00 a.m., 2 views

python-multipart security vulnerability

python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions prior to 1.2.2, 1.3.1, and 1.4.0-dev contained security vulnerabilities. These vulnerabilities stemmed from the use of ambiguous regular expressions in the `parse_options_header()` function, which...

CVSS 7.5 | AI score 7.3 | EPSS 0.00859
Exploits: 0 | References: 2

CNNVD
added 2026/03/05 12:00 a.m., 4 views

WordPress plugin Au Pair Agency code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.1 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 1

CNNVD
added 2026/02/20 12:00 a.m., 3 views

WordPress plugin Gustavo security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1 | AI score 5.8 | EPSS 0.00056
Exploits: 0 | References: 1

OSV
added 2026/01/29 8:16 p.m., 2 views

AZL-76295 CVE-2026-25068 affecting package alsa-lib for versions less than 1.2.6.1-3

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The `tplg_decode_control_mixer1` function reads the `num_channels` field from untrusted .tplg data and uses it as a loop bound without validating it...

CVSS 4.6 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 1

Debian CVE
added 2026/01/29 7:08 p.m., 3 views

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The `tplg_decode_control_mixer1` function reads the `num_channels` field from untrusted .tplg data and uses it as a loop bound without validating it...

CVSS 4.6 | AI score 5.6 | EPSS 0.00008
Exploits: 0

Patchstack
added 2026/01/24 3:09 a.m., 6 views

WordPress Star Review Manager plugin <= 1.2.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Star Review Manager versions <= 1.2.2...

CVSS 4.3 | AI score 5.5 | EPSS 0.00009
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/03 5:40 p.m., 3 views

WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by lilmingwa13 in WordPress Plugin Smart Auto Upload Images versions <= 1.2.2...

CVSS 6.4 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2025/11/18 12:00 a.m., 3 views

PT-2025-47282

Name of the Vulnerable Software and Affected Versions: wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress versions up to and including 1.2.2. Description: The plugin does not properly verify user authorization when accessing sensitive information through an AJAX...

CVSS 4.3 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 8

EUVD
added 2025/10/22 2:32 p.m., 2 views

EUVD-2025-35409

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal. This issue affects PT Luxa Addons: from n/a through <= 1.2.2...

CVSS 5.3 | AI score 6.4 | EPSS 0.00059
Exploits: 0 | References: 2

Cvelist
added 2025/10/22 2:32 p.m., 7 views

CVE-2025-60217 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal. This issue affects PT Luxa Addons: from n/a through <= 1.2.2...

CVSS 7.7 | EPSS 0.00059
Exploits: 0 | References: 1