CVE-2026-25444

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

EUVD-2026-31097

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WpBookingly versions = 1.2.9...

PT-2026-25223

CVE-2026-32376 Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/… https://t.co/C7Eff3273H...

WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions = 1.2.9...

CVE-2026-25895 FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched ...

CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...

FUXA 访问控制错误漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contained a security vulnerability related to access control. This vulnerability was caused by path traversal attacks, which could allow unverified remote attackers to write arbitrary...

EUVD-2026-5620

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from authorization bypasses, which could allow unverified remote attackers to modify device labels...

GHSA-VWCG-C828-9822 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...

WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Responsive Block Control versions = 1.3.0...

WordPress plugin Kirim.Email WooCommerce Integration 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

CVE-2025-30785

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Download Lite subscribe-to-download-lite allows PHP Local File Inclusion.This issue affects Subscribe to Download Lite: from n/a through = 1.2.9...

WordPress WP Responsive Tabs plugin <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin WP Responsive Tabs versions = 1.2.9...

WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin AI for SEO versions = 1.2.9...

CVE-2024-37505

Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9...

WordPress 10Web Social Post Feed plugin <= 1.2.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin 10Web Social Post Feed versions = 1.2.9...

WordPress Cron Jobs plugin <= 1.2.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Cron Jobs versions = 1.2.9...

WordPress Qi Blocks plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Qi Blocks versions = 1.2.9...