PT-2026-44210

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net, NMI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay stri...

WordPress plugin PDF Embedder 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin WP Contact Form 7 DB Handler 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Linux Distros Unpatched Vulnerability : CVE-2026-44899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from a server-side request forgeing issue in CurlInputPlugin. When the CURLOPTFOLLOWLOCATION option was set, the...

PT-2026-44190

Name of the Vulnerable Software and Affected Versions Crawlomatic Multipage Scraper Post Generator versions prior to 2.7.3 Description The plugin allows authenticated attackers with author-level access and above to execute arbitrary code on the server. This occurs within the filter content functi...

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

PT-2026-44180

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action get event data due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...

PT-2026-44191

The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart widget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2026-44178

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer url values when the signature matches, combined with a...

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-44580

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.6 Description The plugin is subject to privilege escalation through a validation bypass. The after validate save post function trusts the acf post id POST parameter without authenticatio...

PT-2026-44202

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

PT-2026-44198

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filter videos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

WordPress plugin HT Contact Form 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Tigera Calico 安全漏洞

Tigera Calico is an open-source network security solution developed by the American company Tigera, designed for container, virtual machine, and host workloads. Tigera Calico has a security vulnerability, which stems from the Azure IPAM plugin recording unencrypted configuration mappings in logs...

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...