GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)

@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...

CVE-2023-1333

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clearpagecache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delet...