WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin iControlWP versions <= 5.5.3...
EUVD-2026-19578
The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatenated to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...
CVE-2026-3524
Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...
WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by luc in WordPress Plugin Bricksforge versions <= 3.1.8.4...
WordPress Webmention plugin <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Duong Quang Hao in WordPress Plugin Webmention versions <= 5.6.2...
WordPress plugin Webmention code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Important: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For...
CVE-2026-34887 WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS. This issue affects Kubio AI Page Builder: from n/a through 2.7.0...
CVE-2026-33997
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...
WordPress plugin Auto Post Scheduler cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Elementor Website Builder plugin <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability
Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability discovered by shark3y in WordPress Plugin Elementor Website Builder versions <= 3.35.7...
CVE-2026-33529
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
WordPress plugin Simple Download Counter cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...
CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through <= 2.10.0...
CVE-2026-25397
The CVE-2026-25397 entry concerns the WordPress File Uploader for WooCommerce plugin (versions up to 1.0.4) and describes a Path Traversal vulnerability. The root cause is insufficient sanitization of user-supplied input, specifically allowing sequences like '.../...//' to escape the webroot. Aff...
CVE-2026-25365
CVE-2026-25365 describes a Missing Authorization vulnerability in the Kargo Takip WordPress plugin affecting versions < 0.2.4. Public sources flag Missing Authorization for Kargo Takip (
CVE-2026-25344 WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data. This issue affects Review Schema: from n/a through <= 2.2.6...