222938 matches found
WordPress plugin Independent Analytics 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-44218
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
poc-ccweb-unauth-rce
CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...
CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...
CLSA-2026-1779912818 Fix CVE(s): CVE-2026-42307
SECURITY UPDATE: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - debian/patches/CVE-2026-42307.patch: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - CVE-2026-42307...
WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin <= 1.8.40 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Or Benit - MadSec in WordPress Plugin Photo Gallery by 10Web versions = 1.8.40...
WordPress Visualizer: Tables and Charts Manager for WordPress plugin <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Chart Creation and Modification vulnerability discovered by davidfdzmorilla in WordPress Plugin Visualizer versions = 3.11.14...
WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Accessibility Issue Modification vulnerability discovered by w1zard in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.0...
WordPress PDF Embedder plugin <= 4.9.3 - Authenticated (Contributor+) Information Exposure vulnerability
Authenticated Contributor+ Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PDF Embedder versions = 4.9.3...
WordPress PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink vulnerability
Cross-Site Request Forgery to Stripe Unlink vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PeachPay Payments versions = 1.120.46...
CVE-2026-45061
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...
WordPress WP Contact Form 7 DB Handler plugin <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin WP Contact Form 7 DB Handler versions = 3.0...
WordPress Geo Mashup plugin <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability
Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability discovered by t0ann9uy3n in WordPress Plugin Geo Mashup versions = 1.13.19...
WordPress SMTP2GO for WordPress – Email Made Easy plugin <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate vulnerability
Missing Authorization to Authenticated Subscriber+ Log Read/Truncate vulnerability discovered by darkmode in WordPress Plugin SMTP2GO versions = 1.16.0...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data from LDAP referrals. An attacker can execute arbitrary code or perform unauthorized actions by supplying crafted LDAP referral data. Details Serialization is a process of converting an object into a...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the authentication process. An attacker can redirect authentication requests to arbitrary LDAP servers by manipulating referral responses. Remediation Upgrade org.jenkins-ci.plugins:ldap to version 807.809.vd3a4e5e4ec98...
Missing Authorization
Overview org.jenkins-ci.plugins:job-import-plugin is a package that imports jobs from another Jenkins instance. Affected versions of this package are vulnerable to Missing Authorization via the HTTP endpoint. An attacker can enumerate credential IDs by sending crafted requests if they have...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the form validation method. An attacker can connect to an arbitrary URL by leveraging Overall/Read permission. Remediation Upgrade com.rapid7:jenkinsci-appspider-plugin to version 1.0.18 or higher. References -...
Open Redirect
Overview org.jenkins-ci.plugins:bitbucket-oauth is a Jenkins Plugin that supports authentication via Bitbucket OAuth. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious sites by craftin...
WordPress Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking vulnerability
Cross-Site Request Forgery to Payment Account Hijacking vulnerability discovered by type5afe in WordPress Plugin Easy Digital Downloads versions = 3.6.7...