31 matches found
PT-2026-34317
The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page options ajax disconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-9628
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data. This issue affects Chaty: from n/a through <= 3.5.1...
WordPress plugin Kama Thumbnail has a cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-21409
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC OpenID...
PT-2026-2058
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3 Description: An improper authorization issue exists in the software. If a man-in-the-middle attack is performed on communication between the product and a user, and a specially crafted request is...
CVE-2025-62102
Cross-Site Request Forgery CSRF vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through <= 3.5.1...
PT-2025-46800
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows Stored XSS. This issue affects Popup addon for Ninja Forms: from n/a through <= 3.5.1...
WordPress Fast Velocity Minify plugin <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin Fast Velocity Minify versions <= 3.5.1...
CVE-2025-58783
Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through <= 3.5.5...
CVE-2025-54731
Improper Control of Generation of Code 'Code Injection' vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through <= 3.5.1...
WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin YouTube Showcase versions <= 3.5.1...
WordPress plugin Additional Custom Emails & Recipients for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-14546 · Vipshop · Saturn
Name of the Vulnerable Software and Affected Versions: vipshop Saturn versions 3.5.1 and earlier Description: The issue allows a remote attacker to execute arbitrary code. This can be achieved via the "/console/dashboard/executorCount" API endpoint, specifically by manipulating the zkClusterKey...
WordPress AliNext plugin <= 3.5.1 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Le Ngoc Anh in WordPress Plugin AliNext versions <= 3.5.1...
Chatwoot cross-site scripting vulnerability
Chatwoot is an open source customer engagement suite, an alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A cross-site scripting vulnerability exists in Chatwoot versions 3.0.0 through 3.5.1. An attacker can exploit this vulnerability to injec...
WordPress plugin InWave Jobs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-4455 · Unknown · Hide Login+
Name of the Vulnerable Software and Affected Versions: Hide Login+ versions 3.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For Hide Login+ versions 3.5...
PT-2024-30449 · WordPress · Wp Travel Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: WP Travel Gutenberg Blocks versions through 3.5.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: F...
CVE-2024-43128
Improper Control of Generation of Code 'Code Injection' vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection. This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1...
PT-2024-23409 · Unknown · Simple Sponsorships Sponsors
Name of the Vulnerable Software and Affected Versions: Simple Sponsorships Sponsors versions 3.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...