773 matches found
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Dom::sanitize function. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious markup as children of unknown HTML/XML tags, which are not properly sanitize...
CVE-2026-12102 UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...
WordPress UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability
Insecure Direct Object Reference to Authenticated Editor+ Arbitrary User Avatar/Banner Reset vulnerability discovered by Pasindu Dilshan K4PXD - HACK KAP PVT LTD in WordPress Plugin UsersWP versions = 1.2.63...
PT-2026-50473
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-fetch' endpoint, specifically within the axiosRequestMake function, improperly validated URLs. It accepted paths containing permitted extensions anywhere in the string and utilize...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...
CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...
CVE-2026-12089
The vulnerability CVE-2026-12089 affects the WordPress plugin “LWS Optimize – All-in-One Speed Booster & Cache Tools” up to version 3.3.19. The root cause is in the combine_current_css() function, which trusts href values harvested from page HTML and converts same-site URLs to absolute filesyste...
CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-45106
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106 Weblate: Stored HTML injection in editor search preview
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...
CVE-2026-45106
Weblate (web-based localization tool) is affected by a stored HTML injection/XSS in the live search preview prior to version 2026.5, where unit source and context are rendered without escaping, allowing HTML/CSS that runs in authenticated editors of other users performing a matching search. The i...
CVE-2026-47348
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...
CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
CVE-2026-8853 MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter
The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...
PT-2026-47741
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Editors with permissions to create or modify page content can include HTML markup in page titles. These titles are stored in the search index withou...
CVE-2026-7523
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2026-9851 Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action
The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateUser' branch of the packageappaction AJAX endpoint, where the handler only validates a nonce and th...
CVE-2026-3495
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...