11ty-starter-json (=1.0.0), @0xshariq/package-installer (>=2.1.0 <=3.1.1) +1352 more potentially affected by CVE-2026-11572 via degit (>=2.1.3 <=2.8.5)

degit NPM version =2.1.3, =2.1.0, =0.0.1, =1.0.8, =1.0.0, =1.0.4, =1.0.7, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.5, =0.1.0-alpha.0, =0.2.0-alpha.0 and more Source cves: CVE-2026-11572 Source advisory: SNYK:JS-DEGIT-17116207...

WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by blank in WordPress Plugin Master Addons for Elementor versions = 2.1.3...

CVE-2026-24563

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through = 2.2.1...

WordPress Biagiotti Core plugin <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Biagiotti Core versions = 2.1.3...

Security Bulletin: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log writer., which affects IBM watsonx.data

Summary Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log writer. By logging more than 64kb of data in a single entry without newlines, a local attacker could exploit this vulnerability to cause a denial of service. These can affect watsonx.data. Vulnerability...

PT-2025-35059

Name of the Vulnerable Software and Affected Versions: LifePress versions through 2.1.3 Description: A missing authorization issue exists in LifePress due to incorrectly configured access control security levels. This allows for potential exploitation. Recommendations: Update LifePress to a versi...

PT-2025-33500 · Drupal · Drupal Authenticator Login

Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions 0.0.0 through 2.1.3 Description: An Authentication Bypass Using an Alternate Path or Channel issue exists in Drupal Authenticator Login, allowing for Authentication Bypass. Recommendations: Update to versio...

WordPress Time Sheets plugin <= 2.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Time Sheets versions = 2.1.3...

CVE-2024-29913

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3...

CVE-2024-35695

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.1.3...

CVE-2023-51362

Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through = 2.1.3...

WordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Chat by Chatwee versions = 2.1.3...

PT-2025-1505 · Unknown · Freesoul Deactivate Plugins

Name of the Vulnerable Software and Affected Versions: Freesoul Deactivate Plugins – Plugin manager and cleanup versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Thi...

WordPress plugin Social Media Feather 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-13825 · Unknown · Social Media Feather

Name of the Vulnerable Software and Affected Versions: Social Media Feather versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Social Media Feath...

PT-2024-33467 · Unknown · Vasilis Kerasiotis Affiliator

Name of the Vulnerable Software and Affected Versions: Vasilis Kerasiotis Affiliator versions 2.1.3 and earlier Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted file upload vulnerability. This enables the attacker to execute malicious code on...

WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Affiliator versions = 2.1.3...

CVE-2024-4374

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Plugin Ultimate Member Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

Apache Superset SQL injection vulnerability

A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 2.1.3 or 3.0.2, which...