SUSE CVE-2026-24044
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2026-24044
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2026-24044 ESS Community Helm Chart has a weak server key generation method
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
CVE-2025-14173 Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...
CVE-2025-10750
The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...
CVE-2025-10750
The CVE CVE-2025-10750 concerns the WordPress PowerBI Embed Reports plugin (
CVE-2025-10746
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...
CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...
WordPress plugin LadiApp security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Woocommerce Support System <= 1.2.1 - Missing Authorization
Description: The Woocommerce Support System plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via 'init', 'admin_init', and AJAX actions in versions up to, and including, 1.2.1. This makes it possible...
CVE-2022-2987
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...
CVE-2021-25032
The CVE concerns the WordPress plugins PublishPress Capabilities and PublishPress Capabilities Pro (versions before 2.3.1). The issue stems from missing authorization and CSRF checks when updating plugin settings via the init hook, and failure to validate that updated options belong to the plugin...
VulnCheck KEV: CVE-2021-25032
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...
ListingPro < 2.6.1 - Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc)
Unauthenticated users could gain access to sensitive data, such as usernames, full names, email addresses and in some cases phone numbers by sending a request to /wp-admin/index.php?download-lp-users=yes which is registered to the init hook...