1711 matches found
WordPress plugin Yoast Duplicate cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from an authorization bypass in the Admin API. This vulnerability may lead to information leakage...
PT-2026-7609
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...
Exploit for CVE-2025-70886
CVE-2025-70886: A Proof of Concept (PoC) exploit f...
PT-2026-6812
Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions prior to 6.2.7. Description: Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery (CSRF) issue in the web administration interface. This allows attackers to delete administrative users by crafting a...
PT-2026-6593
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.57. Description: Axigen Mail Server contains multiple stored Cross-Site Scripting (XSS) issues within the WebAdmin interface. These issues exist in three areas: the log file name parameter on the Local...
CVE-2026-25011
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...
Blesta 5.13.1 Admin Interface PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...
Monstra CMS 3.0.4 Shell Upload
Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. | Title : Monstra CMS 3.0.4 shell upload Vulnerability | | Author : indoushka | |...
CVE-2026-24434
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
EUVD-2026-5154
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
alertwise (=1.0.0), cjkcms-seo (=2.4.0) +19 more potentially affected by CVE-2026-25517 via wagtail (>=6.0.0 <=6.3.1)
wagtail PYPI version =6.0.0, =6.0.0, =2.1.0, =0.1.1, =1.9.0, =2.8.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.2.0 - wagtail-sb-codefield =0.4.0 and more Source cves: CVE-2026-25517 Source advisory: SNYK:PYTHON-WAGTAIL-15189141...
Missing Authorization
Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Missing Authorization via the preview endpoints in the admin interface. An attacker can obtain unauthorized preview renderings of pages, snippets, or site settings by...
CVE-2026-25485
Craft Commerce (for Craft CMS) contains a stored XSS vulnerability in the Shipping Categories fields (Name & Description) in the admin Store Management panel. Affected versions: 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1. The issue arises from insufficient sanitization before rendering in t...
EUVD-2026-5296
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...
CVE-2026-25011 WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41...
CVE-2026-25011
CVE-2026-25011: The WP Custom Admin Interface plugin (wp-custom-admin-interface) has Missing Authorization (Broken Access Control) affecting versions up to and including 7.41. Root cause: misconfigured access control security levels enabling unauthorized access. Impact: potential privilege-relate...