245 matches found
PT-2026-34292
Name of the Vulnerable Software and Affected Versions WP Responsive Popup + Optin versions prior to 1.5 Description The WP Responsive Popup + Optin plugin for WordPress is susceptible to Cross-Site Request Forgery. The settings form on the admin page 'wpo admin page.php' fails to implement nonce...
CVE-2026-6711 Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...
ALPINE-CVE-2026-24031
Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...
UBUNTU-CVE-2026-24031
Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...
CVE-2026-4473
A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...
CVE-2026-3981
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...
CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...
CVE-2026-1935
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...
CVE-2026-2917
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
CVE-2026-3572 iTracker360 <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'itracker_license' Settings Field
The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verification on the settings form submission and insufficient input sanitization combined with missing...
CVE-2026-4473
A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...
CVE-2026-4473
A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...
PT-2026-26566
A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment action.php. The manipulation of the argument appointment id results in sql injection. The attack can be launched remotely. The exploit is no...
CVE-2026-2513
Progress Flowmon ADS vulnerable in versions prior to 12.5.5 and 13.0.3. An administrator who clicks a malicious link within an authenticated web session may trigger unintended actions, exposing high-severity risk (CVSS 8.6; Network vector, user interaction required). The advisory does not include...
CVE-2026-3981
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...
CVE-2026-3980
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...
PT-2026-24920
šØ CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...
CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
CVE-2026-2917
CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...