CVE-2026-3601

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2026-3601 User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification

The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the embedformaction function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Contributor-level acce...

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4362

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CLSA-2026-1777946639 quagga: Fix of CVE-2018-5381

CVE-2018-5381: bgpd capability parser can enter an infinite loop on invalid OPEN messages whose Multi-Protocol capability has an unrecognized AFI/SAFI, causing a denial of service...

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

CVE-2026-6963

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

CVE-2025-14726

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...

VulnCheck KEV: CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereferencing in aerratelimit When the platform firmware provides error information to the OS, for example, via the ACPI APEI GHES mechanism, it may identify a device that does not advertise an AER...

Astra Linux – Vulnerability in evolution-data-server

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client by dereferencing a NULL pointer, by sending an invalid e.g., minimal CAPABILITY line during a connection attempt. This issue is related to the imapxfreecapability and imapxconnecttoserver functions...

Astra Linux – Vulnerability in Linux, Linux 5.10

The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 contains a slab out-of-bounds write vulnerability. Input from a process that has the CAPNETADMIN capability can lead to root access...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7921: Resource leaks in mt7921checkoffloadcapability The coverage issue related to resource leaks was fixed. In this case, the variable “fw” goes out of scope, causing the storage it points to to be leaked. This iss...

Astra Linux – Vulnerability in Linux 5.10

In the kernel/bpf/hashtab.c file within the Linux kernel, up to version 5.13.8, there is an integer overflow and out-of-bounds write vulnerability when multiple elements are placed in a single bucket. NOTE: Exploitation may be impractical without the CAPSYSADMIN capability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

Linux Kernel nftables: Vulnerability involving local privilege escalation after free operations; nftchainlookupbyid fails to check whether a chain is active, and CAPNETADMIN is present in any user or network namespace...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fixed handling of HCIEVIOCAPAREQUEST. If we receive HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES has not yet been responded to, assume that the remote supports SSP. Otherwise, this event should not be...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: rc: The bpf attach/detach operation requires write permission. source-iocs-preserved const=CAPNETADMIN...