Fedora 43 : perl-Catalyst-Plugin-Authentication (2026-af4f5feae8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-af4f5feae8 advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

PT-2026-45744

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require otp=true, users authenticated through an authentication plugin, such as LDAP, may have their...

PT-2026-45888

Name of the Vulnerable Software and Affected Versions EmergencyWP – Dead Man's switch & legacy deliverance versions prior to 1.4.3 Description The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the form settings ui function. This allows...

PT-2026-45715

Name of the Vulnerable Software and Affected Versions Remove NoFollow Commenter URL versions prior to 1.1 Description The plugin is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the gmz comment settings save function. This allows unauthenticated attackers t...

PT-2026-45713

The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...

PT-2026-45699

Name of the Vulnerable Software and Affected Versions rognone versions prior to 0.6.3 Description The rognone plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation or escaping. This occurs due...

PT-2026-45709

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

PT-2026-45707

The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add to cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ectp add to cart...

VulnCheck KEV: CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

Fedora 44 : perl-Catalyst-Plugin-Authentication (2026-26666575ae)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-26666575ae advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

PT-2026-45726

Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...

PT-2026-45687

The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...

PT-2026-45730

Name of the Vulnerable Software and Affected Versions Axiomthemes Crafti versions prior to 1.13 Description Improper control of filename for include/require statements in PHP programs allows for Local File Inclusion. This occurs when the application fails to properly validate the file paths used ...

PT-2026-45712

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

📄 WordPress OrderConvo 13.5 Path Traversal

Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5. Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link:...

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

CVE-2026-9050

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-9050

The CVE-2026-9050 entry concerns the Slider Revolution WordPress plugin. Affected versions are 6.0.0–6.7.55 and 7.0.0–7.0.14. The root cause is improper verification of user authorization, allowing authenticated attackers with Contributor-level access or higher to perform actions they should not ...

CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...