All Thrive Themes and Plugins - Unauthenticated Option Update
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...
EUVD-2026-41448
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...
EUVD-2026-41449
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...
EUVD-2026-41450
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...
CVE-2026-13374
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...
CVE-2026-13375
WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...
CVE-2026-13375
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware O...
CVE-2026-13374
CVE-2026-13374 is a stored XSS vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module). It affects Fireware OS versions 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. The issue stems from improper neutralization of input during web page generation, allowing stored cross-...
CVE-2026-13374 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...
CVE-2026-13373
WatchGuard Fireware OS Tigerpaw Technology Integration module is affected by CVE-2026-13373, exposing a Stored Cross-Site Scripting (XSS) vulnerability. The issue arises from improper neutralization of input during web page generation, enabling stored XSS in affected Fireware versions: 12.4–12.12...
GitLab CI Lint API - Server-Side Request Forgery
GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests; exploitation requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...
CVE-2026-11600
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the Envo Tabs and Off Canvas widget's template rendering in versions up to, and including, 1.4.26. The render method of the Tabs...
CVE-2026-58592
Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...
CVE-2026-13603
The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...
EUVD-2026-40958
The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...
CVE-2026-13228
The vulnerability CVE-2026-13228 affects the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). An Insecure Direct Object Reference (IDOR) in OsOrdersController.create_or_update enables an authenticated Agent (low privileges) to specify an arbitrary order[customer_id] an...
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...