CVE-2026-32346

Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through = 1.5.5...

WordPress plugin Travel Agency 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-24540

Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through = 1.5.6...

CVE-2026-24540 WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through = 1.5.6...

WordPress plugin “Integrate Google Drive” has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2025-21655

Malicious code in bioql PyPI...

WordPress plugin CM Email Registration Blacklist and Whitelist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-5940 · Unknown · Smart Countdown Fx

Name of the Vulnerable Software and Affected Versions: Smart Countdown FX versions 1.5.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can injec...

PT-2024-35211 · Unknown · Do That Task

Name of the Vulnerable Software and Affected Versions: Do That Task versions 1.5.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...

PT-2024-38999 · Unknown · Yunke Online School System

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 1.5.5 Description: A vulnerability was found in the Yunke Online School System, affecting the file /admin/educloud/videobind.html. This issue leads to the inclusion of sensitive information in the...

PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1

Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-12238 · WordPress · Sparkle Wp Educenter

Name of the Vulnerable Software and Affected Versions: Sparkle WP Educenter versions 1.5.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in Sparkle WP Educenter. Recommendations: For Sparkle WP Educenter versions 1.5.5 and earlier, update to a version that...

PT-2024-19038 · Unknown · Scribit Shortcodes Finder

Name of the Vulnerable Software and Affected Versions: Scribit Shortcodes Finder versions 1.5.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versio...

PT-2024-12006 · Beaver Builder · Ultimate Addons For Beaver Builder – Lite

Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Beaver Builder – Lite versions 1.5.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices...

PT-2023-31388 · Unknown · Palscode Multi Currency For Woocommerce

Name of the Vulnerable Software and Affected Versions: Palscode Multi Currency For WooCommerce versions 1.5.5 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge...

WordPress plugin ARForms Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin GN Publisher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

DEBIAN-CVE-2021-29060

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string...