4 matches found
CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...
WordPress Magical Addons For Elementor Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Magical Addons For Elementor; Type: Plugin; Vulnerable versions: = 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-10352; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7aa4ffe94751; Credits: Ankit Patel...
WordPress Serious Slider Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Serious Slider; Type: Plugin; Vulnerable versions: = 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35762; Patch priority: Low; CVSS severity: Low 6.5; PSID: 57f1f13032c5; Credits: Steven Julian; Required privilege: Editor...
WordPress Paid Memberships Pro Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: = 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 5.9; PSID: 77be0838d452; Credits: WordFence; Required privilege...