8 matches found

NVD
added 2026/05/22 5:16 a.m. | 9 views

CVE-2026-3481

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

CVSS 6.1 | EPSS 0.00011
Exploits 0 | References 5
Vulnrichment
added 2026/05/22 4:29 a.m. | 6 views

CVE-2026-3481 WP Blockade <= 0.9.14 - Reflected Cross-Site Scripting via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...

CVSS 6.1 | AI score 6 | EPSS 0.00011
Exploits 0 | References 5
Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42723

Name of the Vulnerable Software and Affected Versions: WP Blockade versions prior to 0.9.15 Description: The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the...

CVSS 6.1 | AI score 5.9 | EPSS 0.00011
Exploits 0 | References 10
CVE
added 2026/04/22 7:45 a.m. | 5 views

CVE-2026-4119

CVE-2026-4119 affects the WordPress plugin Create DB Tables (versions up to and including 1.2.1). The vulnerability arises from missing capability checks and nonce verification in admin_post hooks for creating and deleting tables, allowing any authenticated user (including Subscribers) to execute...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 13
CVE
added 2026/02/19 12:2 p.m. | 8 views

CVE-2019-25404

CVE-2019-25404 affects Comodo Dome Firewall 2.7.0. The vulnerability is a stored XSS in the admin interface, exploitable by an authenticated attacker who submits crafted input to /korugan/admins via POST, injecting scripts into admin_name, name, or surname. The payload is stored and executed when...

CVSS 6.4 | AI score 5.2 | EPSS 0.00018
Exploits 1 | References 4 | Affected Software 1
Positive Technologies
added 2022/12/06 12:0 a.m. | 4 views

PT-2022-27476 · Yith · Yith Woocommerce Gift Cards

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Gift Cards premium plugin versions 3.19.0 and earlier Description: The issue is related to an Unauth. Arbitrary File Upload vulnerability in the YITH WooCommerce Gift Cards premium plugin on WordPress, which allows unauthoriz...

CVSS 9.8 | AI score 9.6 | EPSS 0.02642
Exploits 2 | References 9
Positive Technologies
added 2019/09/13 12:0 a.m. | 3 views

PT-2019-7738 · Pagelines +1 · Pagelines +1

Name of the Vulnerable Software and Affected Versions: PageLines theme version 1.1.4 Description: The issue concerns a CSRF vulnerability in the PageLines theme for WordPress. It affects the "wp-admin/admin-post.php?page=pagelines" endpoint. Recommendations: For PageLines theme version 1.1.4,...

CVSS 8.8 | AI score 8.6 | EPSS 0.00202
Exploits 1 | References 5
Positive Technologies
added 2019/08/15 12:0 a.m. | 2 views

PT-2019-13831 · WordPress · Rank Math Seo

Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin version 1.0.27 Description: The issue allows non-admin users to reset settings. This is achieved via the wp-admin/admin-post.php endpoint, specifically through the reset-cmb parameter. Recommendations: For Rank Math SEO...

CVSS 6.5 | AI score 6.3 | EPSS 0.00191
Exploits 2 | References 5