WordPress plugin Riaxe Product Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-34771 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

GHSA-8337-3P73-46F4 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

EUVD-2026-18941

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks...

WordPress plugin Gravity SMTP 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Featured Image from URL <= 2.7.7 - Missing Access Controls on REST routes

The REST routes are missing permission callbacks, allowing unauthenticated/unauthorised users to call them. PoC Affected endpoints: - wp-json/featured-image-from-url/v2/enablefakeapi - wp-json/featured-image-from-url/v2/disablefakeapi - wp-json/featured-image-from-url/v2/nonefakeapi -...