1840 matches found
CVE-2026-45210
Broadstreet Ads WordPress plugin
CVE-2026-45210 WordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
CVE-2026-45210
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Broadstreet Ads 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-40465
Name of the Vulnerable Software and Affected Versions MonsterInsights – Google Analytics Dashboard for WordPress versions prior to 10.1.3 Description Missing capability checks in the get ads access token and reset experience functions allow authenticated attackers with Subscriber-level access or...
PT-2026-40010
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
EUVD-2026-27826
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
CVE-2026-36358
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
CVE-2026-36358
CVE-2026-36358 is a Cross Site Scripting vulnerability in Juzaweb CMS v5.0.0. The issue allows a remote attacker to execute arbitrary code via a crafted script submitted to the Add Banner Ads function. Connected documents confirm the same description across NVD, CVE List, and related feeds; no ex...
CVE-2026-36358
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
CVE-2026-36358
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
CVE-2026-36358
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
PT-2026-37629
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...
Juzaweb CMS 跨站脚本漏洞
Juzaweb CMS is a content management system developed by Juzaweb’s individual developers, based on the Laravel framework and web platform. Version 5.0.0 of Juzaweb CMS has a cross-site scripting vulnerability. This vulnerability stems from the Add Banner Ads feature, which contains cross-site...
Thousands of Facebook accounts stolen by phishing emails sent through Google
Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The...
VulnCheck KEV: CVE-2025-5339
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2026-5488
The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...
EUVD-2026-25393
The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...
CVE-2026-5488
The CVE-2026-5488 issue affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (WordPress). It stems from missing capability checks in two AJAX handlers (get_ads_access_token() and reset_experience()), allowing authenticated users with subscriber-level access or higher to retr...