93342 matches found
CVE-2024-10938
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...
CVE-2026-2471
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-1542
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1542
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1542
The CVE-2026-1542 entry concerns the WordPress plugin Simple Stage WP (Super Stage WP) versions up to 1.0.1. The vulnerability arises from unserializing user input via REQUEST, enabling unauthenticated PHP Object Injection when a suitable gadget is present on the blog. Affected component: WordPre...
PT-2026-22463
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WordPress plugin WP Mail Logging 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2026-22464
Name of the Vulnerable Software and Affected Versions WP Mail Logging versions prior to 1.15.1 Description The WP Mail Logging plugin for WordPress is susceptible to PHP Object Injection in versions up to and including 1.15.0. This occurs due to the deserialization of untrusted input from the ema...
CVE-2026-28411
WeGIA Web Manager prior to version 3.6.5 is vulnerable to an authentication bypass via unsafe use of extract($_REQUEST). The issue allows an unauthenticated attacker to overwrite local variables across multiple PHP scripts, enabling unauthorized access to administrative and protected areas. remed...
CVE-2026-27836
phpMyFAQ prior to v4.0.18 is vulnerable due to the WebAuthn prepare endpoint (/api/webauthn/prepare), which creates new active user accounts without authentication, CSRF protection, captcha, or config checks. This allows unauthenticated attackers to create unlimited user accounts even when regist...
CVE-2019-25492 Homey BNB V4 SQL Injection via getcmsdata.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...
EUVD-2024-55454
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...
CVE-2024-10938 OVRI Payment 1.7.0 - Malicious .htaccess directive
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...
CVE-2024-10938
The CVE-2024-10938 entry concerns the OVRI Payment WordPress plugin (v1.7.0). The connected documents describe malicious ".htaccess" files included with the plugin that contain directives intended to block execution of certain scripts while permitting execution of selected malicious PHP files. If...
Linux Distros Unpatched Vulnerability : CVE-2026-27590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a...