FoxCMS Authorization Issue Vulnerability
FoxCMS is a content management system provided by FoxCMS Company in China, available for free commercial use and open source. FoxCMS versions 1.2.6 and earlier have an authorization issue vulnerability, which stems from a weak password recovery vulnerability in the Edit function of the Admin.php fi...
EUVD-2026-15515
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection. This issue affects Beelove: from n/a through <= 1.2.6...
EUVD-2025-208918
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...
WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Ratatouille versions <= 1.2.6...
CVE-2026-27611
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...
PT-2026-21839
Name of the Vulnerable Software and Affected Versions: FileBrowser Quantum versions prior to 1.1.3-stable; FileBrowser Quantum versions prior to 1.2.6-beta Description: FileBrowser Quantum is a self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, a flaw existed where...
CVE-2023-47232
Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure. This issue affects WP Affiliate Disclosure: from n/a through 1.2.6...
WordPress plugin Automattic Developer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
MoneyPrinterTurbo Path Traversal Vulnerability
MoneyPrinterTurbo is software by an individual developer, Harry, that generates short HD videos using large AI models. A path traversal vulnerability exists in MoneyPrinterTurbo 1.2.6 and earlier versions, which stems from a misuse of the parameter filepath in the file app/controllers/v1/video.py,...
CVE-2025-58644
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition ltl-freight-quotes-tql-edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through <= 1.2.6...
CVE-2025-58836 WordPress FW Anker Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Franz Wieser FW Anker fw-anker allows Stored XSS. This issue affects FW Anker: from n/a through <= 1.2.6...
WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability
WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes - TQL Edition versions <= 1.2.6...
WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Logan Cote (Patchstack Alliance) in WordPress Plugin Countdown Timer versions <= 1.2.6...
PT-2025-2645 · Unknown · Themeglow Jobboard
Name of the Vulnerable Software and Affected Versions: ThemeGlow JobBoard Job listing versions 1.2.6 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading a...
WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin JobBoard Job listing versions <= 1.2.6...
CVE-2023-41875
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.2.6...
PT-2024-13005 · WordPress · Wp Directory Kit
Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions 1.2.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Directory Kit...
PT-2024-25481 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.6 Description: The issue allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate...
WordPress plugin myCred Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-32141 · WordPress · Imagemapper
Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'imagemap' shortcode, allowing authenticated...