WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress plugin Accessibility Suite by Ability, Inc 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

WordPress plugin AcyMailing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

ABB Ability Symphony Plus Engineering

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...

WordPress plugin Hustle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin MDJM Event Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin PDF Invoices & Packing Slips for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Activity Log for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVE-2026-1774

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.18.2) +401 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)

@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: OSV:GHSA-X9VF-53Q3-CVX6...

Prototype Pollution

Overview @casl/ability is a CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access Affected versions of this package are vulnerable to Prototype Pollution via the rulesToFields which handles object properties. An attacker can inject...

@abip/scp-common (=1.0.1-alpha.0), @akemona-org/strapi-admin (>=3.7.0 <=3.18.2) +401 more potentially affected by CVE-2026-1774 via @casl/ability (>=2.4.2 <=6.7.3)

@casl/ability NPM version =2.4.2, =3.7.0, =0.2.0, =0.3.1, =4.25.19-patch.1, =0.0.1, =0.0.1, =0.1.0, =1.7.0, =0.7.1, =0.13.85 and more Source cves: CVE-2026-1774 Source advisory: SNYK:JS-CASLABILITY-15268419...

CVE-2026-1774

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.

CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...

CVE-2026-1774

Technical details about CVE-2026-1774 are not provided in the supplied documents; no affected versions, impact, or remediation details are listed. Monitor for updates.

CASL Ability contains a prototype pollution vulnerability

Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...

PT-2026-7279

Name of the Vulnerable Software and Affected Versions CASL Ability versions 2.4.0 through 6.7.4 Description CASL Ability contains a prototype pollution vulnerability. This issue affects versions 2.4.0 through 6.7.4. Prototype pollution occurs when an attacker manipulates the properties of...