CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2025-20194

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...

CVE-2024-4475

The WP Logs Book WordPress plugin (versions &lt;= 1.0.1) contains a CSRF vulnerability in the log-clearing action, allowing an authenticated attacker to trigger log clearing via CSRF requests. PoCs describe an HTML form-based trigger requiring admin interaction. Several sources corroborate the is...

WordPress plugin MailPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress MailPress plugin 7.2.1 and earlier versions have a cross-site request forgery vulnerability...

KillShot - Information Gathering Tool

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner Why KillShot ? You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to...

Credential disclosure in LXCA log files - Lenovo Support US

No description provided...

Dahua DVR Auth Bypass Scanner

Scans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and clears the device logs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner...

Zoom X4 / X5 SQL Injection / Authentication Bypass Vulnerabilities

Zoom X4 and X5 modems suffers from authentication bypass and remote SQL injection vulnerabilities. Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3...

Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

eXtreme Message Board 1.9.11 Cross Site Request Forgery

Date: Thu 15 Jul 2010 12:08:07 PM EEST Vendor: http://www.xmbforum.com/ Download: http://www.xmbforum.com/download/XMB-1.9.11.09.zip --- -= CSRF PoC 1 - Change Admin Password =- -= Method 1 - editprofile.php =- eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities - Change Admin Password -=...