CVE-2026-1369

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2026-1369

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2026-1369

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2026-1369

The CVE-2026-1369 entry concerns the Conditional CAPTCHA WordPress plugin (versions up to 4.0.0). The vulnerability arises because a parameter is not validated before the plugin redirects the user to its value, causing an Open Redirect. Affected component: the plugin’s redirect logic; root cause:...

CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

WordPress plugin Conditional CAPTCHA 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There are...

PT-2026-21418

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2025-6460

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin = 3.1.0 - Authenticated Shop Manager+ Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions = 3.1....

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2026-2296

CVE-2026-2296 affects the WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields (all versions up to 3.1.0). The root cause is insufficient validation of the 'operator' field in conditional logic rules, where unsanitized input is passed to PHP eval() inside evalCondi...

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2025-6460

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-6460

CVE-2025-6460 relates to the WordPress plugin Display During Conditional Shortcode. The vulnerability is a stored cross-site scripting (XSS) via the message parameter in all versions up to and including 1.2, enabling authenticated users with Contributor+ privileges to inject scripts that execute ...

CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...

Cryptographic Choreographies

We present CryptoChoreo, a choreography language for the specification of cryptographic protocols. Choreographies can be regarded as an extension of Alice-and-Bob notation, providing an intuitive high-level view of the protocol as a whole rather than specifying each protocol role in isolation. Th...