WordPress Video Conferencing with Zoom API plugin < 4.6.6 - Unauthenticated SDK Signature Generation vulnerability

Unauthenticated SDK Signature Generation vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Video Conferencing with Zoom versions 4.6.6...

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

CVE-2026-2692

A vulnerability was found in CoCoTeaNet CyreneAdmin up to 1.3.0. This affects an unknown part of the file /api/system/user/getAvatar of the component Image Handler. Performing a manipulation of the argument Avatar results in path traversal. The attack can be initiated remotely. The exploit has be...

CVE-2026-1043

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...

CVE-2025-12375

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2025-13851

CVE-2025-13851 concerns Buyent Theme with Buyent Classified Plugin (

CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion

The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...

CVE-2025-13864

The Breeze WordPress Cache Plugin (WordPress) is vulnerable in all versions up to 2.2.21 due to the REST endpoint /wp-json/breeze/v1/clear-all-cache being registered with permission_callback =&gt; '__return_true' and authentication disabled by default when the API is enabled. This allows unauthen...

CVE-2025-12375

CVE-2025-12375 refers to a Server-Side Request Forgery in the Printful Integration for WooCommerce plugin for WordPress. The vulnerability exists in all versions up to and including 2.2.11 and is triggered via the advanced size chart REST API endpoint, due to insufficient validation of user-suppl...

CVE-2025-12375 Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...

CVE-2026-2629

A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible ...

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

WordPress plugin GDPR Cookie Consent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

SmarterMail 16.3.6989.16341 Path Traversal

This PHP proof of concept is a detection-only artifact generator for CVE-2025-52691 affecting SmarterMail version 16.3.6989.16341. It sends a crafted multipart upload request to the /api/upload endpoint, leveraging a path traversal condition in the contextData GUID to determine whether the target...

PT-2026-20581

Name of the Vulnerable Software and Affected Versions Printful Integration for WooCommerce versions up to and including 2.2.11 Description The Printful Integration for WooCommerce plugin for WordPress is susceptible to Server-Side Request Forgery via the advanced size chart REST API endpoint...

WordPress plugin Breeze - WordPress Cache Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Skill Scanner 安全漏洞

Skill Scanner is an open-source security scanner developed by Cisco AI Defense. Versions of Skill Scanner 1.0.1 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect binding of the API server to multiple interfaces, which may lead to denial-of-service attacks or...