3 matches found
CVE-2026-1582
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...
in opensourcepos/opensourcepos
Description The use of == and != might cause type juggling at the affected code if $row->hashversion == 1. Proof of Concept If the md5 sum of the user's password starts with 0e, then any input with an md5 sum starting with 0e will result in true at the statement $row->password == md5($password) Impact This...
in hestiacp/hestiacp
✍️ Description $_SESSION["token"] is a CSRF token which is an md5 hash generated based on system time. It has been discovered that $_SESSION["token"] is compared with $_GET["token"] using the comparison operator != in file index.php. This might cause unexpected behavior due to type juggling. It is possible to...