24 matches found
CVE-2026-44671
creationtimestamp| type| source
---|---|---
2026-05-15 01:31:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlu6qj5yry2p
2026-05-15 02:34:31+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mlucaql6we2o
2026-05-15 03:57:12+00:00| seen|...
WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions <= 4.4.6...
CVE-2026-2446
creationtimestamp| type| source
---|---|---
2026-03-07 12:01:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghrrb2tem2f
2026-03-07 12:01:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghrrrj6rn2k...
CVE-2025-67956
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through <= 4.4.6...
CVE-2025-13367
CVE-2025-13367 affects the WordPress plugin “User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin” (aka user-registration). The issue is a Stored Cross-Site Scripting (XSS) vulnerability via multiple shortcode ...
EUVD-2025-202073
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sailing: from n/a through 4.4.6...
CVE-2025-67573 WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sailing: from n/a through 4.4.6...
PT-2025-49902
Name of the Vulnerable Software and Affected Versions: ThimPress Sailing versions prior to 4.4.6 Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...
PT-2025-49947
CVE-2025-67573 Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sailing: f… https://t.co/eXmV92DVC8...
CVE-2025-44608
creationtimestamp| type| source
---|---|---
2025-06-25 17:33:33+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/41875
2025-06-25 21:00:04+00:00| published-proof-of-concept| Telegram/INbhvu6suw58y9HrUal3GQ-Sx3WcR9t4iYviK9OyeuUsQE...
CVE-2024-11024
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possibl...
WordPress AppPresser plugin <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset vulnerability
Unauthenticated Privilege Escalation via Password Reset vulnerability discovered by shaman0x01 in WordPress Plugin AppPresser versions <= 4.4.6...
WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
VulnCheck KEV: CVE-2024-37418
Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.6...
ESP-IDF security vulnerability
ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...
CVE-2023-7071
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2023-6733 · Best Practical +2 · Request Tracker +2
Name of the Vulnerable Software and Affected Versions: Best Practical Request Tracker RT versions 4.4.6 and earlier; Best Practical Request Tracker RT versions 5.0.4 and earlier. Description: The issue allows Information Disclosure via fake or spoofed RT email headers in an email message or a...
PT-2023-24211 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.4.6. Description: The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. An older issue fixed the XSS in label HTML but did not address it when...
PT-2023-14636 · Perfsonar · Perfsonar
Name of the Vulnerable Software and Affected Versions: perfSONAR versions prior to 4.4.6. Description: The issue inadvertently supports the parse option for a file:// URL. Recommendations: For versions prior to 4.4.6, update to version 4.4.6 or later to resolve the issue...