730 matches found
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin WishList Member X versions <= 3.29.0...
WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Sepay Payment versions <= 4.0.0...
CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Elated Listing versions <= 1.4...
Mattermost Plugins security vulnerability
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 2.0.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem fro...
CVE-2026-32421 WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Timeline: from n/a through <= 2.4.1...
CVE-2026-32360 WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS. This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3...
WordPress ExactMetrics plugin 7.1.0-9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability
Authenticated Custom Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability discovered by Ali Sünbül in WordPress Plugin ExactMetrics versions 7.1.0-9.0.2...
WordPress plugin Hammas Calendar cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23846
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2026-28059
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion. This issue affects Dermatology Clinic: from n/a through = 1.4.3...
CVE-2026-28037
CVE-2026-28037 is a reflected XSS vulnerability in the WordPress EventON plugin (versions up to 4.9.12). The issue arises from improper neutralization of input during web page generation, enabling an attacker-controlled input to be reflected back to the user’s browser. The CVSS vector in the init...
WordPress plugin Apollo security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Wanderland security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Medilazar Core versions < 1.4.7...
WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Post Timeline versions <= 2.4.1...
PT-2026-21887
Name of the Vulnerable Software and Affected Versions: WPGSI: Spreadsheet Integration plugin for WordPress versions through 3.8.3. Description: The WPGSI: Spreadsheet Integration plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to the absence of proper...
WordPress plugin FreightCo security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions <= 1.0.4...