16 matches found
CVE-2026-3504
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...
CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-25019
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.3.1...
WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Atarim versions = 4.3.1...
CVE-2026-24596
Cross-Site Request Forgery CSRF vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through = 4.3.1...
CVE-2026-24596
CVE-2026-24596 is a CSRF vulnerability in the WordPress plugin Related Posts Thumbnails (versions up to 4.3.1). The issue allows Cross-Site Request Forgery, affecting the Related Posts Thumbnails Plugin for WordPress from an unspecified early version to 4.3.1. The CVE entry provides a CVSS v3.1 b...
EUVD-2025-203497
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...
CVE-2025-14387
The CVE-2025-14387 entry concerns the LearnPress – WordPress LMS Plugin (WordPress) with versions up to 4.3.1. The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping. It can be exploited by authenticated attackers with Subscriber-leve...
WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme ekommart versions 4.3.1...
CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates
Xibo is an open source digital signage platform with a web content management system CMS. Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...
PT-2025-5745
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue concerns a stored cross-site scripting XSS vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework MobSF. According to Apple's...
Crestron AirMedia 安全漏洞
Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia Windows Application version 4.3.1.39. An attacker could exploit the vulnerability to temporarily store a file structure and change it during a...
UBUNTU-CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced...
LCDS LAquis SCADA Input Validation Error Vulnerability
LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. An input validation error vulnerability exists in LCDS LAquis SCADA version...
Broadcom CA API Developer Portal Information Disclosure Vulnerability
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An information disclosure vulnerability exists in Broadcom CA API Developer Portal...