7745 matches found
CVE-2026-4986 WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery
The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...
CVE-2026-4986
The CVE-2026-4986 entry concerns the WPForms WordPress plugin (pre-1.10.0.5). The issue is that incoming PayPal webhook events are not validated for authenticity before processing, enabling unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transacti...
USN-8406-1 libnet-cidr-lite-perl vulnerabilities
Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...
USN-8406-1: Net::CIDR::Lite vulnerabilities
Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...
CVE-2026-3011
CVE-2026-3011 - Recipe Card Blocks Lite (WordPress) Vulnerability: Stored Cross-Site Scripting in the Recipe Card Blocks Lite plugin for WordPress, affecting all versions up to 3.4.13. Affected component: WPZOOM Recipe Card Blocks Lite plugin for WordPress (block-based recipe card feature). Root ...
EUVD-2026-35049
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
CVE-2026-3011 Recipe Card Blocks Lite <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...
PT-2026-47275
The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM Helpers::deserialize block attributes' method converting unicode-encoded...
WordPress plugin Recipe Card Blocks Lite 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
SUSE SLED15 / SLES15 Security Update : perl-Net-CIDR-Lite (SUSE-SU-2026:2113-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2113-1 advisory. This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailin...
WordPress Recipe Card Blocks Lite plugin <= 3.4.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor versions = 3.4.13...
CVE-2026-45191
A flaw was found in Net::CIDR::Lite. This vulnerability allows an attacker to bypass IP Access Control Lists ACLs by providing specially crafted CIDR Classless Inter-Domain Routing mask values. The component incorrectly processes mask forms containing extraneous zero characters, such as "/00" or...
CVE-2026-32648
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...
CVE-2026-5361
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...
CVE-2026-5243
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...
CVE-2026-49053
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49052
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-33569
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...
CVE-2026-20172
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...
CVE-2026-4852
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...