15 matches found
PT-2026-26965
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $_SERVER['REQUEST_URI'] t...
WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Ultimate Gift Cards For WooCommerce versions <= 3.2.4...
WordPress WP Coupons and Deals plugin <= 3.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Coupons and Deals versions <= 3.2.4...
EUVD-2025-3903
Malicious code in bioql PyPI...
WordPress plugin Redirection for Contact Form code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability
Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...
CVE-2023-27601
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the delete_sdp_line function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...
WordPress plugin Houzez security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-13642 · Crocoblock · Crocoblock Jetengine
Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions 3.2.4 and earlier Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation in Crocoblock JetEngine. Recommendations: For versions 3.2.4 and earlier, update to a versio...
PT-2024-1831 · Vitalpbx · Vitalpbx
Name of the Vulnerable Software and Affected Versions: VitalPBX versions 3.2.4 through 3.2.5 Description: The issue is related to insufficient protection of service data when processing a script from the /var/lib/vitalpbx directory, allowing an attacker to execute arbitrary code via a crafted...
CVE-2023-28095 OpenSIPS has a vulnerability in building the local negative replies
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in msg_translator.c:2628 which might lead to a server crash. This issue was found while fuzzing the function build_res_buf_from_sip_req but could not be reproduced against a...
PT-2023-15917 · Nuxsmin · Syspass
Name of the Vulnerable Software and Affected Versions: nuxsmin sysPass versions up to 3.2.4 Description: A problematic vulnerability was found in the URL Handler component, leading to cross-site scripting. The attack can be launched remotely. Recommendations: For versions up to 3.2.4, upgrade to...
SUSE CVE-2010-4262
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition...
PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2020-28494 via total.js (>=3.2.4 <=3.4.13)
total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2020-28494 Source advisory: SNYK:JS-TOTALJS-1046672...