CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peng Zhou in WordPress Plugin Advanced IP Blocker versions = 8.10.7...

EUVD-2026-32678

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

CVE-2026-4888

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities exist in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These vulnerabilitie...

PT-2026-44178

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer url values when the signature matches, combined with a...

PT-2026-44552

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

PT-2026-44215

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

WordPress plugin Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

WordPress plugin WP Contact Form 7 DB Handler 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin LiveSmart Video Chat Live Video Chat 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

PT-2026-44206

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append where sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and...

PT-2026-44220

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-44191

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart widget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...