CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

WordPress plugin Magic Import Document Extractor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2023-1342

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucssconnect function. This makes it possible for unauthenticated attackers to connect the si...

Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...