11 matches found
CVE-2026-2924
CVE-2026-2924 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw via the imageLoad parameter in versions up to and including 3.4.6, caused by insufficient input sanitization and output escaping. A...
PT-2026-29622
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.4.0 through 3.4.6 Description: OpenEXR, a specification and reference implementation of the EXR file format used in the motion picture industry, contains a flaw. A crafted .exr file utilizing HTJ2K compression and a channel...
CVE-2026-23511 ZITADEL has a user enumeration vulnerability in Login UIs
ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...
CVE-2025-58794
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through <= 3.5.1...
PT-2025-36134
Name of the Vulnerable Software and Affected Versions: rainafarai Notification for Telegram versions n/a through 3.4.6 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in rainafarai Notification for Telegram, allowing attackers to perform actions on behalf of an unsuspecting...
PT-2024-39602 · WordPress · Terms Descriptions Plugin
Name of the Vulnerable Software and Affected Versions: Terms descriptions plugin for WordPress versions up to, and including, 3.4.6 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows unauthenticate...
PT-2024-32550 · Unknown · Vladimir Statsenko Terms Descriptions
Name of the Vulnerable Software and Affected Versions: Vladimir Statsenko Terms descriptions versions n/a through 3.4.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an...
PT-2024-37895 · Funnelkit · The Funnel Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: The Funnel Builder for WordPress by FunnelKit versions up to, and including, 3.4.6 Description: The issue allows authenticated attackers with Contributor-level access and above to update multiple settings due to a missing capability check on...
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.6 - Improper Authorization vulnerability
Improper Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Print Barcode Labels for your WooCommerce products/orders versions <= 3.4.6...
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Templates vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Templates vulnerability discovered by Lucio Sá in WordPress Plugin Print Barcode Labels for your WooCommerce products/orders versions <= 3.4.6...
WordPress plugin WPForms Google Sheet Connector cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...