34 matches found
WordPress plugin Themebox - Digital Products Ecommerce cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-62104
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACF Galerie 4: from n/a through 1.4.2...
CVE-2025-62104
Technical details about CVE-2025-62104 are not publicly available in the provided documents; monitor for updates.
WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions <= 1.4.2...
CVE-2026-39699
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Workflow Automation: from n/a through <= 1.4.2...
CLEANSTART-2026-GK29346 Security fixes for CVE-2025-15558, CVE-2025-47907, CVE-2025-66564, CVE-2026-1229, CVE-2026-22039, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23881, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-29wx-vh33-7x7r, ghsa-2x5j-vhc8-9cwm, ghsa-459x-q9hg-4gpq, ghsa-4qg8-fj49-pxjh, ghsa-4vq8-7jfc-9cvp, ghsa-6m8w-jc87-6cr7, ghsa-88jx-383q-w4qc, ghsa-95pr-fxf5-86gv, ghsa-c5q2-7r4c-mv6g, ghsa-c6gw-w398-hv78, ghsa-c77r-fh37-x2px, ghsa-f83f-xpx7-ffpw, ghsa-fv92-fjc5-jj9h, ghsa-jrr2-x33p-6hvc, ghsa-mh63-6h87-95cp, ghsa-mqqf-5wvp-8fh8, ghsa-p77j-4mvh-x3m3, ghsa-qjvc-p88j-j9rm, ghsa-r5p3-955p-5ggq, ghsa-v23v-6jw2-98fq, ghsa-v6v8-xj6m-xwqh, ghsa-xw73-rw38-6vjc applied in versions: 1.4.2-r2, 1.4.2-r4, 1.4.2-r6, 1.4.2-r7
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
WordPress plugin Isida security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2...
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Impact: It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: >= 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References: The issue was reported by...
CVE-2026-25957
CVE-2026-25957 affects Cube versions from 1.1.17 up to (but not including) 1.5.13 and 1.4.2, where a specially crafted request can make the entire Cube API unavailable. The issue is fixed in 1.5.13 and 1.4.2. Impact is availability disruption; no confidentiality or integrity impact is indicated. ...
PT-2026-3321
Name of the Vulnerable Software and Affected Versions: MCPJam inspector versions prior to 1.4.3 Description: MCPJam inspector, a local-first development platform for MCP servers, contains a flaw that allows remote code execution (RCE). The software by default listens on 0.0.0.0 instead of 127.0.0.1,...
CVE-2025-66558
The issue affects Nextcloud Twofactor WebAuthn (WebAuthn Two-Factor Provider). Before versions 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to remove a victim’s WebAuthn 2FA device by correctly guessing an 80–128 character random string. After a successful guess, the victim was ...
PT-2025-45351
Name of the Vulnerable Software and Affected Versions: linshenkx prompt-optimizer versions 1.3.0 through 1.4.2 Description: A Server-Side Request Forgery (SSRF) exists in the /api/proxy/ component. This allows attackers to scan internal resources by sending a specially crafted request. The api/proxy...
EUVD-2025-30503
Malicious code in bioql PyPI...
PT-2025-39048
Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions through 1.4.2 Description: The software contains a flaw related to improper input handling during web page generation, which allows for Cross-site Scripting (XSS). This specific instance is a Stored XSS issue, meaning...
PT-2025-34469 · Unknown · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.2 Description: An authentication bypass allows unauthenticated attackers to execute arbitrary code via a crafted URL. Recommendations: Update anji-plus AJ-Report to a version later than 1.4.2...
CVE-2025-48267
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2...
CVE-2025-39518
CVE-2025-39518 describes an SQL Injection in the WordPress plugin BMA Lite – Appointment Booking and Scheduling. The vulnerability affects versions
PT-2025-14207 · Unknown · Easyappointments
Name of the Vulnerable Software and Affected Versions: Easy!Appointments versions 1.4.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.4.2 and...
PT-2025-3849 · Nec · Aterm Wx3600Hp +1
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier; NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier Description: The issue allows an attacker to execute arbitrary OS commands via the network. This can be done through the...