CVE-2026-5509 Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body As a subscriber, run the below command in the web developer console of the browser fetch"/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...