PT-2026-44015

Name of the Vulnerable Software and Affected Versions Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier Description Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary...

PT-2026-43526

The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes src, start, end in the listenEmbedJS function,...

PT-2026-43633

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

PT-2026-43497

Name of the Vulnerable Software and Affected Versions Old Posts Highlighter versions prior to 1.0.4 Description The Old Posts Highlighter plugin for WordPress is susceptible to Cross-Site Request Forgery, a type of attack where an unauthorized user tricks a victim into performing actions they did...

PT-2026-44018

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Integration Plugin versions prior to 0.7.4 Description A cross-site request forgery CSRF flaw allows attackers to trigger a build for a pull request. CSRF is a type of attack that tricks a victim into submitting a malicious...

PT-2026-44013

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f Description The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...

PT-2026-43638

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

PT-2026-43544

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. Specifically, the render content method in class-search-result-title.php outputs the...

PT-2026-43511

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

PT-2026-43518

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

PT-2026-43501

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

PT-2026-43540

Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...

PT-2026-43507

Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...

PT-2026-43505

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the options page function. This makes it possible for unauthenticated attackers to update the plugin's...

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

PT-2026-43634

Name of the Vulnerable Software and Affected Versions myLinksDump versions prior to 1.7 Description The myLinksDump plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. This allows authenticated attackers with...

PT-2026-43538

Name of the Vulnerable Software and Affected Versions Login with NEAR plugin for WordPress versions prior to 0.3.4 Description The plugin contains an authentication bypass flaw within the ajaxLoginWithNear function. This function is registered as a wp ajax nopriv action, making it accessible to...

PT-2026-44124

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send test email function in all versions up to, and including, 3.4.7. This makes it possible for authenticat...

PT-2026-43520

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode args to ht...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8304-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8304-1 advisory. Joshua Rogers discovered that Vim incorrectly handled certain URL schemes...