Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

WordPress AudioIgniter <= 2.0.2 - Unauthenticated IDOR

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. The handleplaylistendpoint function accepted a user-controlled playlist ID and returned track data without authentication. id: CVE-2026-8679 info: name: WordPress...

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. id: CVE-2025-6058 info: name: WPBookit "; ifisset$GET"cmd" echo "";...

WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. id: CVE-2025-5961 info: name: WordPress WPvivid...

Post SMTP <= 3.6.0 - Email Log Disclosure

Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...

ChanCMS <= 3.3.0 - SQL Injection

yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...

HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation

The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...

React Server Components - Remote Code Execution

React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...

WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload

The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...