CVE-2026-3333

CVE-2026-3333 concerns the MinhNhut Link Gateway WordPress plugin. The vulnerability is a Stored Cross-Site Scripting issue in the plugin’s linkgate shortcode, present in all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escaping on user-supplied...

CVE-2026-3333 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3333 MinhNhut Link Gateway <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1313 MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This make...

CVE-2026-1313

The MimeTypes Link Icons plugin for WordPress (vulnerable up to 3.2.20) is affected by a Server-Side Request Forgery. The root cause is outbound HTTP requests to user-controlled URLs made without proper validation when the “Show file size” option is enabled. Authenticated attackers with Contribut...

CVE-2026-1806

The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-1806 Tour & Activity Operator Plugin for TourCMS <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-32733

creationtimestamp| type| source ---|---|--- 2026-03-21 03:05:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhk2djq3af2u 2026-03-27 04:20:01+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mhzbcbni6i2i...

CVE-2026-22737

creationtimestamp| type| source ---|---|--- 2026-03-21 03:00:04+00:00| seen| https://spring.io/security/cve-2026-22737 2026-03-21 03:34:17+00:00| seen| https://bsky.app/profile/cyber-news-fi.bsky.social/post/3mhk3wxvagj2a...

CVE-2026-32049

creationtimestamp| type| source ---|---|--- 2026-03-21 02:41:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhjyy2flk42y 2026-03-21 22:01:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhlzrziedd2c 2026-03-22 03:00:05+00:00| seen|...

CVE-2026-4302 WowOptin: Next-Gen Popup Maker <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint optn/v1/integration-action with a permissioncallback of returntrue that...

CVE-2026-2378

creationtimestamp| type| source ---|---|--- 2026-03-21 01:22:20+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhjul2f6zi2h 2026-03-21 04:24:28+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhk6qq3ivu2l 2026-06-08 01:07:07+00:00| seen|...

CVE-2026-33228

creationtimestamp| type| source ---|---|--- 2026-03-21 00:43:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhjsg2wts22n 2026-03-23 21:00:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqxdpvch62s...

CVE-2026-33221

creationtimestamp| type| source ---|---|--- 2026-03-21 00:19:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhjr2lpsfu2k...

D-Link DHP-1320 安全漏洞

The D-Link DHP-1320 is a powerline wireless extender produced by D-Link Corporation. The D-Link DHP-1320 version 1.00WWB04 contains a security vulnerability. This vulnerability stems from a stack-based buffer overflow in the REDIRECTCOUNTDOWNPAGE function of the SOAP Handler component, which may...

WordPress plugin MimeTypes Link Icons 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-26849

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linkgate' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2026-26918

Name of the Vulnerable Software and Affected Versions D-Link DHP-1320 version 1.00WWB04 Description A flaw exists in the SOAP Handler component, specifically within the redirect count down page function, of the D-Link DHP-1320. This issue allows for a stack-based buffer overflow, which can be...

PT-2026-26945

D-Link DIR-513 boa formEasySetTimezone memory corruption CVE: CVE-2026-4555 PT-Identifier: PT-2026-26945 Vendor: D-link Product: DIR-513 CVSS: 8.7 Credits: LtzHust2 VulDB User Description: A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function...

WordPress plugin MinhNhut Link Gateway 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...