4 matches found
CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
PT-2024-34191 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder versions through 5.1.3. Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This could potentially lead to site compromise...
Out-of-bounds read vulnerability in multiple Apple products (CNVD-2019-02759)
Apple iOS is an operating system developed for mobile devices; watchOS is a smartwatch operating system. An out-of-bounds read vulnerability exists in the Core Media component in Apple iOS before 12.1.3, watchOS before 5.1.3, and macOS. An attacker can exploit the vulnerability to elevate...