CVE-2026-7523 Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

CVE-2006-3474

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the 1 catid parameter to a gbrowse.php, 2 cardid parameter to b rating.php and c create.php, and the 3 eventid parameter to d search.php...

CVE-2006-2810

Multiple cross-site scripting XSS vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in 1 toprated.php and 2 newcards.php. NOTE: the cardid vector is already covered by CVE-2006-1230...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in 1 toprated.php and 2 newcards.php. NOTE: the cardid vector is already covered by CVE-2006-1230...

CVE-2006-2810

Multiple cross-site scripting XSS vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in 1 toprated.php and 2 newcards.php. NOTE: the cardid vector is already covered by CVE-2006-1230...

CVE-2006-1230

Multiple cross-site scripting XSS vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the 1 cardid, 2 uploaded, 3 cardfontsize, or 4 cardcolor parameter. NOTE: the cardid vector was later reported to affect vCard 2.9, and the uploaded vecto...