224234 matches found
CVE-2026-10580
The CVE-2026-10580 entry describes an Authentication Bypass vulnerability in the Hippoo Mobile App for WooCommerce WordPress plugin (versions up to 1.9.4). A logic conflation in HippooPermissions::get_user_permissions() makes administrators and unauthenticated visitors share a null sentinel, whic...
EUVD-2026-34887
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...
CVE-2026-10580
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...
CVE-2026-10580 Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...
CVE-2026-5415
The CVE-2026-5415 issue affects the WP Captcha PRO plugin for WordPress (
CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...
EUVD-2026-34888
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...
CVE-2026-5415 WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...
CVE-2026-5415
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...
CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
CVE-2026-46390
HAX CMS (PHP/Node.js backends) is affected by an unauthenticated access issue in the gitlist plugin. From version 2.0.0 up to, but not including, 26.0.0, the gitlist plugin is exposed to unauthenticated users, enabling browsing of git repositories and git history without authentication. Version 2...
EUVD-2026-34881
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
CVE-2026-46390
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
CVE-2026-46390 HAX CMS has Unauthenticated Git Access via User-Controlled Key
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
GHSA-RVP5-9P55-F5RP NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Summary The client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith'/'. Protocol-relative URLs //attacker.com/… also satisfy that check, so a crafted link such as...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations vulnerability
Missing Authorization to Authenticated Contributor+ Privileged Cloud API Operations vulnerability discovered by Abi Wiranata in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.16...
WordPress Klamra Paycal for Aspaclaria plugin <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Klamra Paycal for Aspaclaria versions = 1.1.4...
WordPress Quick Playground plugin <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Pablo Santiago in WordPress Plugin Quick Playground versions = 1.3.4...
WordPress MDJM Event Management plugin <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Mobile DJ Manager versions = 1.7.8.3...
WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability
Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...