220561 matches found
WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by sequenceX0 in WordPress Plugin JS Help Desk versions = 3.0.9...
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin TrueBooker versions = 1.1.9...
WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
SQL Injection vulnerability discovered by xwii in WordPress Plugin WP Time Slots Booking Form versions = 1.2.50...
CVE-2026-49782 WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...
WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by dodoh4t in WordPress Plugin Amelia versions = 2.3...
WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Elementor Website Builder versions = 4.1.0...
CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin Crew HRM versions = 1.2.2...
WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hongdo in WordPress Plugin Progress Planner versions = 1.9.0...
WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Aliefis in WordPress Plugin Visual Link Preview versions = 2.4.1...
CVE-2026-10611
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-10611
CVE-2026-10611 affects MISP when LDAP mixed authentication is enabled (LdapAuth.mixedAuth=true) and OTP enforcement (Security.require_otp=true). The vulnerability arises because a user authenticated via a plugin (e.g., LDAP) can have a session established during the application beforeFilter phase...
CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
EUVD-2026-33917
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-42685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...
CVE-2026-39551
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...
WordPress EmergencyWP – Dead Man's switch & legacy deliverance plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin EmergencyWP – Dead Man's switch & legacy deliverance versions = 1.4.2...
Exploit for CVE-2026-8206
CVE-2026-8206 - Kirki WordPress Plugin Mass Exploit !Python...