9649 matches found
FreeBSD Security Advisory - FreeBSD-SA-26:28.capsicum
FreeBSD Security Advisory - sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kernsigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to S1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the system containing binary files...
CVE-2026-9594
The WP Maps plugin for WordPress (affected versions up to 4.9.4) is vulnerable to a Stored Cross-Site Scripting (XSS) via the location_messages parameter due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access at administrator level or higher, w...
CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
WordPress plugin Booking Package 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-47143
Name of the Vulnerable Software and Affected Versions WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters versions prior to 4.9.5 Description The plugin is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the...
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2025-12714
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updatesiteeditorhomepage function in all versions up to, and including, 1.0.271. This makes it possible for unauthenticated attackers to...
CVE-2025-14033
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getticketcontentcallback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to view any...
CVE-2025-9988
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-3279
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...
CVE-2026-3208
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mppiximage' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve...
CVE-2026-3426
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savewidget and resetallwidgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-lev...
CVE-2026-3897
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...
CVE-2026-3829
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...
CVE-2026-5693
The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saabcancelbooking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR,...
CVE-2026-1930
The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pageoptionsajaxdisconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2026-1314
The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...