Code-Projects for Plugin 缓冲区错误漏洞

Code-Projects for Plugin is an open-source plugin developed by Code-Projects. Version 4.1.2cu.5137 of Code-Projects for Plugin contains a buffer error vulnerability. This vulnerability stems from the operation of the setWiFiMultipleConfig function in the file /cgi-bin/cstecgi.cgi, specifically...

Operation-West-Wild-2.0

Operation West Wild 2.0 – Penetration Testing Report 📌 Ove...

GHSA-P334-GFHQ-C7W6 Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths

Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...

WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by endy in WordPress Plugin Classified Listing versions = 5.3.8...

WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by endy in WordPress Plugin Contest Gallery versions = 28.1.7...

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JoomSport versions = 5.7.7...

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

CVE-2026-42648 WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-41463 ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...

WordPress Plugin TheGem Theme Elements for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-35424

https://t.co/5LsebxfRXc CVE-2026-39491 jupiterx-core CVSS Score 6.4 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...

EUVD-2026-25405

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnixdeletemyaccount function, where the checkajaxreferer call is explicitly commented out on line 883. This makes it possib...

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

CVE-2026-5364 Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...

WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-3361

The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1923

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin HT Mega Addons for Elementor 信息泄露漏洞

WordPress is a blog platform developed using the PHP language by the WordPress Foundation. This platform allows users to create personal blogs on servers based on PHP and MySQL. WordPress Plugins are application plugins developed by the WordPress Foundation. The WordPress plugin HT Mega Addons fo...