CVE-2026-27044 WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through = 4.12.0...

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

CVE-2026-25447 WordPress Widget Wrangler plugin <= 2.3.9 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through = 2.3.9...

CVE-2026-25447

CVE-2026-25447 describes an Unauthenticated remote code execution vector in the WordPress plugin Widget Wrangler (

CVE-2026-25366

CVE-2026-25366 concerns WordPress plugin Themeisle Woody ad snippets insert-php (vulnerable:

CVE-2026-25366 WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

CVE-2026-25366 WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

CVE-2026-25001 WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

CVE-2026-25001

CVE-2026-25001 is a confirmed vulnerability in the WordPress plugin Post Snippets (formerly Post Snippets – Custom WordPress Code Snippets Customizer) affecting versions up to 4.0.12. The Wordfence entry characterizes the issue as a Remote Code Execution vulnerability requiring authenticated acce...

CVE-2026-25001 WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33017link is external Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

PT-2026-27964

Name of the Vulnerable Software and Affected Versions Total Poll Lite versions through 4.12.0 Description A code injection issue exists in Total Poll Lite, allowing for remote code inclusion. The issue is due to improper control of code generation. Recommendations Update Total Poll Lite to a...

PT-2026-27948

Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...

PT-2026-27924

Name of the Vulnerable Software and Affected Versions Woody ad snippets versions through 2.7.1 Description A code injection issue exists in Themeisle Woody ad snippets insert-php. The issue involves improper control of code generation, potentially allowing for code injection. The vulnerable...

PT-2026-27879

Name of the Vulnerable Software and Affected Versions Post Snippets versions through 4.0.12 Description A code injection issue exists in Post Snippets that could allow for remote code inclusion. The issue is due to improper control of code generation. Recommendations Update Post Snippets to a...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...

WordPress plugin Widget Wrangler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Mageia: Security Advisory (MGASA-2026-0062)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress plugin Woody ad snippets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

WordPress plugin Nelio AB Testing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...