21 matches found
CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
EUVD-2025-208757
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
n8n Node.js Package < 1.123.17 / 2.x < 2.5.2 Expression Escape Leading to RCE (CVE-2026-25049)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.17, or 2.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability: - An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow...
EUVD-2026-5421
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
WordPress plugin Modular DS modular-connector has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Mogu blog Path Traversal Vulnerability
Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2.5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...
WordPress Ultimate Blogroll plugin <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Ultimate Blogroll versions <= 2.5.2...
PT-2025-4735 · WordPress · Wp Joomag
Name of the Vulnerable Software and Affected Versions: WP Joomag versions n/a through 2.5.2 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. Specifically, WP Joomag allows DOM-Based XSS, which can be exploited...
PT-2024-13482
Name of the Vulnerable Software and Affected Versions: WPDeveloper BetterDocs versions through 2.5.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 2.5.2,...
WordPress BLAZE Retail Widget plugin <= 2.5.2 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin BLAZE Retail Widget versions <= 2.5.2...
WordPress HT Mega plugin <= 2.5.2 - Missing Authorization to Options Update vulnerability
Missing Authorization to Options Update vulnerability discovered by 1337Wannabe in WordPress Plugin HT Mega versions <= 2.5.2...
PT-2024-23418 · WordPress · Webtoffee Import Export Wordpress Users
Name of the Vulnerable Software and Affected Versions: WebToffee Import Export WordPress Users versions through 2.5.2 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability affects the...
PT-2023-29672 · Spider Teams · Spider Teams Applyonline
Name of the Vulnerable Software and Affected Versions: Spider Teams ApplyOnline – Application Form Builder and Manager plugin versions = 2.5.2 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject...
PT-2023-8462 · Ibm +4 · Ibm Spectrum Fusion Hci +4
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 Description: The issue is related to improper bucket access in the RGW service of the Ceph data storage system. It allows an attacker to perform unauthorized actions by exploiting the lack ...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4815 more potentially affected by CVE-2022-23566 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23566 Source advisory: OSV:GHSA-5QW5-89MW-WCG2...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4815 more potentially affected by CVE-2022-23573 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23573 Source advisory: OSV:GHSA-Q85F-69Q7-55H2...
PYSEC-2021-822
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...
CVE-2021-21616
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...