69 matches found
CVE-2026-12923
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...
CVE-2026-12923 Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...
EUVD-2026-40897
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...
Exploit for CVE-2026-7465
CVE-2026-7465 - Spectra Gutenberg Blocks isregistered $block...
Improper Access Control
Fission is vulnerable to improper access control. The vulnerability is due to the router automatically registering internal function routes without validating associated HTTPTrigger restrictions, which allows an attacker to invoke arbitrary functions directly by guessing the function name and...
The vulnerability of the CREATE TYPE command in the PostgreSQL database management system allows attackers to execute arbitrary SQL functions.
The vulnerability of the CREATE TYPE command in the PostgreSQL database management system is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL functions remotely...
CVE-2026-4038
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
WordPress Aimogen Pro plugin <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability
Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin Aimogen Pro versions = 2.7.5...
EUVD-2026-13522
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
CVE-2026-4038
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
CVE-2026-4038 Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
CVE-2026-4038
The CVE concerns the Aimogen Pro plugin for WordPress, where a missing capability check in the aiomatic_call_ai_function_realtime function allows an unauthenticated attacker to perform Arbitrary Function Calls. Affected versions are all up to and including 2.7.5. The exploitation enables calling ...
CVE-2026-4038
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomaticcallaifunctionrealtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers ...
PT-2026-26553
Name of the Vulnerable Software and Affected Versions Aimogen Pro versions up to 2.7.5 Description The Aimogen Pro plugin for WordPress is susceptible to an Arbitrary Function Call, potentially leading to privilege escalation. This is due to a missing capability check within the aiomatic call ai...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection inadequate recursive validation of PostgreSQL array and row expressions in the validateNode function. An attacker can execute arbitrary SQL functions and achieve code execution on the database server by crafting malicious...
WordPress Inpersttion For Theme plugin <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call vulnerability
Authenticated Contributor+ Arbitrary Function Call vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions = 1.0...
CVE-2025-65960
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...
Insufficient Type Distinction
Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Insufficient Type Distinction in the Template::once method. Backend users with sufficient privileges...
CVE-2025-9321
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...