CVE-2026-9815

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

MINI-7J45-2X6V-CQF7

Bulletin has no description...

MINI-GCVW-XXX7-F4V7

Bulletin has no description...

MINI-WQJQ-HGW3-X4G7

Bulletin has no description...

MINI-CQC2-4V7C-FQ4H

Bulletin has no description...

MINI-JMXQ-V77F-66G3

Bulletin has no description...

MINI-XF46-X4G3-M8H4

Bulletin has no description...

MINI-5WCV-5GCR-RWCP

Bulletin has no description...

MINI-3PXX-W276-3PH7

Bulletin has no description...

MINI-3W5Q-2V44-XPF4

Bulletin has no description...

MINI-WW56-8RJ8-RQXW

Bulletin has no description...

MINI-72FX-H2G4-MJ4W

Bulletin has no description...

MINI-934X-5GRX-WRQ5

Bulletin has no description...

MINI-6CMR-JJHP-9XJX

Bulletin has no description...

MINI-5R3C-WRWQ-M7H7

Bulletin has no description...

MINI-J8VQ-J869-FHJM

Bulletin has no description...

MINI-62RW-2CGM-R7M9

Bulletin has no description...

MINI-RW7W-HHQ5-CPVQ

Bulletin has no description...

CVE-2026-9860

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

EUVD-2026-37854

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...